# _general
r
define "trusted"
s
Pretty much a fellow domain member. If on-prem syncs with Azure AD, I would have assumed that Azure AD has some type of trust membership with on-prem. However, that doesn't seem to be the case in my testing.
r
no, that's not the case at all. 🙂
k
No, for that trust to exist in both domains, it must be hybrid joined
s
Can Microsoft cloud PCs or Microsoft VDI in Azure hybrid join? And what would they hybrid join to? Azure or on-prem?
k
Yes, they can 🙂
The hybrid join means that the machine is joined to both the Active Directory domain and the Azure AD domain. And depending on your configuration, the authentication happens in either Azure AD or Active Directory or both
s
I can look this up, but is there a downside to hybrid join over pure Azure AD?
k
It depends on how you look at it. In my opinion you shouldn't join a computer to the domain unless there is a specific reason. That reason might be an app dependency, a legacy file server or print solution; basically anything that relies on legacy Active Directory could be a reason to join your computer to the domain.
What is it you are trying to achieve?
s
I have cloud PCs that I want to connect to our on-prem domain to access resources. Print servers, file shares, apps etc. (it would go through our on-prem to Azure VPN).
k
Well, you can create a provisioning policy to do the domain join during the W365 provisioning phase
s
The end goal is to decommission the on-prem domain, so I'm not sure I want to join the cloud PC to the on-prem domain just to move it back to Azure.
k
You will have to provide a network connection with line of sight to a domain controller
s
Or is that my only choice? Join the Cloud PC to the on-prem domain so that it's hybrid, so it can get access to both on-prem and Azure servers, and then when it's time to decommission the on-prem domain, move the cloud PC back to Azure AD.
k
You don't have to join the machine to the domain to be able to access resources in that domain. As long as you provide a username and password that is valid in the domain, you should be able to access whatever that user has permissions to
I have an Azure AD joined W365 machine with access to a network that can see my domain resources in my lab-setup. I can access domain resources from that W365 even though it's not joined to the domain
s
Yeah, I can do that too, but some apps use domain credentials to work properly. So I guess for now, in this in-between life, hybrid join is the best bet.
k
Yes, IMO hybrid is the "in-between" until you can go pure cloud managed.
a
If an Azure AD joined machine has line of sight to a domain controller, and you are using hybrid identities, the user will receive a Kerberos ticket and therefore have access to AD joined resources
If your use case is VDI that requires access to AD resources, then it continues to make sense to join those VMs to AD instead of Azure AD.
r
@Webster Webster I think you accidentally posted this in a thread when you wanted a separate post?
w
Sorry
r
No need to be sorry, I figured you would want more visibility with the message. 🙂