WVD with Azure AD Domain Services Endpoint Manager

%3CLINGO-SUB%20id%3D%22lingo-sub-2308786%22%20slang%3D%22de-DE%22%3EWVD%20with%20Azure%20AD%20Domain%20Services%20Endpoint%20Manager%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2308786%22%20slang%3D%22de-DE%22%3E%3CP%3EHello%2C%20%3CBR%20%2F%3E%20I%20am%20using%20WVD%20in%20a%20cloud-only%20environment.%20The%20session%20hosts%20are%20connected%20to%20the%20Azure%20AD%20domain%20services.%20The%20Azure%20AD%20Domain%20Services%20acts%20as%20a%20DC%20in%20the%20domain.%3C%2FP%3E%3CP%3ENow%20I%20would%20like%20to%20manage%20my%20session%20hosts%20(Windows%2010%20multi%20user)%20with%20the%20Endpoint%20Manager.%20How%20can%20I%20get%20the%20Session%20Hosts%20into%20the%20Endpoint%20Manager%3F%3C%2FP%3E%3CP%3EOne%20consideration%20is%20to%20create%20an%20extra%20server%20with%20AD%20Connect%20in%20the%20Azure%20AD%20DS%20domain.%20But%2C%20I%20don't%20find%20this%20way%20so%20nice.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20support%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStefan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2309435%22%20slang%3D%22en-US%22%3ERe%3A%20WVD%20with%20Azure%20AD%20Domain%20Services%20Endpoint%20Manager%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2309435%22%20slang%3D%22en-US%22%3EYou%20can't%20since%20AADDS%20doesn't%20let%20you%20Sync%20Computer%20Objects%20to%20AzureAD.%20(It's%20one%20way%20from%20AzureAD%20to%20Windows%20Domain).%20AADDS%20is%20a%20limiting%20factor%20to%20all%20kinds%20of%20hybrid%20setups%20honestly.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20consideration%20you%20are%20making%20can't%20work%20either%20I%20believe.%20An%20AADDS%20domain%20is%20always%20a%20single%20forest%20on%20its%20own.%20You%20can't%20extend%20it%20via%20other%20Windows%20AD%20servers.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2311877%22%20slang%3D%22en-US%22%3ERe%3A%20WVD%20with%20Azure%20AD%20Domain%20Services%20Endpoint%20Manager%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2311877%22%20slang%3D%22en-US%22%3EHi%20Stefan%2C%3CBR%20%2F%3E%3CBR%20%2F%3EThat's%20what%20I%20meant%20with%20the%20second%20part%20of%20my%20response.%20That's%20not%20possible%20since%20you%20cannot%20add%20extra%20AD%20servers%20to%20an%20AADDS%20domain.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2312643%22%20slang%3D%22en-US%22%3ERe%3A%20WVD%20with%20Azure%20AD%20Domain%20Services%20Endpoint%20Manager%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2312643%22%20slang%3D%22en-US%22%3EI%20don't%20understand.%20Why%20can't%20I%20install%20a%20member%20server%20with%20AD%20Connect%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI%20know%20that%20I%20cannot%20install%20another%20Domain%20Controller.%3C%2FLINGO-BODY%3E
Contributor

Hello,
I am using WVD in a cloud-only environment. The session hosts are connected to the Azure AD domain services. The Azure AD Domain Services acts as a DC in the domain.

Now I would like to manage my session hosts (Windows 10 multi user) with the Endpoint Manager. How can I get the Session Hosts into the Endpoint Manager?

One consideration is to create an extra server with AD Connect in the Azure AD DS domain. However, I don't find this way so nice.

 

Thanks for your support

 

Stefan

5 Replies
You can't since AADDS doesn't let you Sync Computer Objects to AzureAD. (It's one way from AzureAD to Windows Domain). AADDS is a limiting factor to all kinds of hybrid setups honestly.

The consideration you are making can't work either I believe. An AADDS domain is always a single forest on its own. You can't extend it via other Windows AD servers.
Thank you for your answer.

I was thinking of a member server with AD Connect in AADDS. Is this possible?
Hi Stefan,

That's what I meant with the second part of my response. That's not possible since you cannot add extra AD servers to an AADDS domain.
I don't understand. Why can't I install a member server with AD Connect?

I know that I cannot install another Domain Controller.
Sorry I misunderstood. In any case that won't work because you are not a domain/enterprise admin in the managed aadds domain. So you cannot provide credentials during that part of the AD connect installation.