Sign-In to OnPrem AD Computer with AzureAD User

We are using a hybrid On-Premises Active Directory domain and Azure Active Directory. All of our computers are local AD joined and utilize on-prem group policies.

We have several conference rooms that have "service" accounts that are used to sign in to them locally. Then there is a room resource in O365 that is used to schedule meetings in the conference room. We want to set up the room resource account to be used as a "room resource" in Office 365, and then be able to use that resource account to log in to the local AD computer. We want to make scheduling easier and more streamlined for users instead of having two accounts that they technically have to invite to the meeting to be on the calendar and be able to join the Teams meeting on the local computer.

I have tried to convert the Exchange mailbox to a room instead of regular usage, but that seems to break the Azure AD connection between Office 365/Azure and local AD.

Any advice would be appreciated.

1 Reply

@gbrownz 

To allow the room resource account to sign in to the local AD computer, you can configure Azure AD Connect to synchronize the user account from Azure AD to your on-premises AD. This will allow the account to be recognized by the local AD as a valid user.

Here are the steps to achieve this:

1. In Azure Active Directory, create a user account for the room resource.
2. Assign a license to the user account if it doesn't already have one.
3. Install Azure AD Connect on a server in your on-premises environment.
4. During the installation, choose the option to customize the synchronization settings.
5. In the "Optional Features" section, select "Directory Extension Attribute Sync" and "Password Hash Sync".
6. In the "User sign-in" section, choose the "Password Hash Sync" option.
7. Proceed with the installation, following the prompts to configure the synchronization.
8. After the synchronization is complete, open Active Directory Users and Computers on your on-premises domain controller.
9. Locate the user account for the room resource and modify its attributes as needed (e.g., set the room capacity, set calendar permissions, etc.).
10. On the local AD computer, switch to the "Other User" sign-in screen.
11. Enter the user name in the format `<AzureADUserPrincipalName>@<ADDomainName>` (e.g., roomresource@contoso.local) and the password for the room resource account.
12. Sign in to the local AD computer using the room resource account.


By synchronizing the room resource account from Azure AD to your on-premises AD, you'll be able to use the same account for scheduling meetings in Office 365 and signing in to the local AD computer.
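As an added example (not part of the reply above or of the original post), this PowerShell check verifies that the on-premises AD account and the Azure AD object for the room resource are still linked by the same Azure AD Connect source anchor, which is the relationship the original poster saw break after converting the mailbox. It assumes the RSAT ActiveDirectory module and the Microsoft.Graph.Users module are installed, an existing `Connect-MgGraph` session with the `User.Read.All` scope, and placeholder account names `roomresource` / `roomresource@contoso.com` that are not taken from the thread.

```powershell
# Added example: confirm the hybrid identity link for a room resource account.
# Assumptions: RSAT ActiveDirectory module, Microsoft.Graph.Users module, and an
# existing Connect-MgGraph session with User.Read.All. Account names are placeholders.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

$OnPremSam = 'roomresource'             # sAMAccountName in the local AD domain (placeholder)
$CloudUpn  = 'roomresource@contoso.com' # UPN of the object in Azure AD (placeholder)

# Azure AD Connect derives the cloud ImmutableId from the source anchor:
# mS-DS-ConsistencyGuid when it is populated, otherwise objectGUID.
$adUser = Get-ADUser -Identity $OnPremSam -Properties 'mS-DS-ConsistencyGuid', 'objectGUID', 'UserPrincipalName'
$anchorBytes = if ($adUser.'mS-DS-ConsistencyGuid') {
    [byte[]]$adUser.'mS-DS-ConsistencyGuid'
} else {
    $adUser.objectGUID.ToByteArray()
}
$expectedImmutableId = [Convert]::ToBase64String($anchorBytes)

# Read the matching cloud object and the sync-related attributes on it.
$cloudUser = Get-MgUser -UserId $CloudUpn -Property 'Id', 'UserPrincipalName', 'OnPremisesImmutableId', 'OnPremisesSyncEnabled'

# A synced object shows OnPremisesSyncEnabled = True and an ImmutableId equal to
# the base64 form of the on-prem anchor; anything else means the link is broken.
[pscustomobject]@{
    OnPremAccount       = $adUser.UserPrincipalName
    CloudAccount        = $cloudUser.UserPrincipalName
    SyncEnabled         = $cloudUser.OnPremisesSyncEnabled
    ExpectedImmutableId = $expectedImmutableId
    ActualImmutableId   = $cloudUser.OnPremisesImmutableId
    AnchorsMatch        = ($expectedImmutableId -eq $cloudUser.OnPremisesImmutableId)
}
```

If `SyncEnabled` is not `True` or `AnchorsMatch` is `False`, the cloud object is no longer the sync target of that AD account, so password hash sync and the on-prem sign-in described in the steps will not apply to it.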