Jul 24 2017
- last edited on
Jan 14 2022
I recently disconnected my on-prem AD machine and joined my machine to azure ad. I'm doing this to test some of the azure ad features and viability for some of our use cases to use azure ad instead..
With my azure ad joined machine i can \\ unc to on-prem resources, start and use ADUC, rdp to on-prem servers etc, essential i can do everything i used to be able to do when my machine was joined to on-prem AD, the only thing i cannot do is use the ActiveDriectory module in powershell.
I can use powershell remoting, eg, invoke-command against my on-prem AD, i can enter-pssession to AD, but i cannot do stuff like get-adcomputer, or get-aduser from my local powershell session any more..
the error i receive is
PS C:\Users\Andrew> Get-ADComputer abcd123 Get-ADComputer : Unable to find a default server with Active Directory Web Services running.
I have my on-prem ca root certificate installed in my local machine personal store. I have also tried the above command using the various -AuthType and -Credential switches/parameters, but i get the same web services error.
Any clues why i cannot use the ActiveDirectory powershell module?
Jul 24 2017 10:58 PM
Well, at the very least you will have to use the Credentials parameter when running AD PowerShell cmdlets on a non-domain PC. Or you can just open implicit remoting session via Enter-PSSession. Probably the network rules need to be adjusted, as well as WinRM config.
You dont have to leave the domain in order to join the computer to Azure AD btw.
Jul 25 2017 03:23 AM
Oh wow i didnt know that, so i can be joined to two directories at the same time?
Jul 25 2017 10:33 AM
Azure AD is not a "traditional" AD, and definitely not a replacement for on-prem AD. It's a poor choice of terminology basically, combined with some marketing crap.
But to answer the question, yes, you can "connect" domain-joined machines to Azure AD.