Since Microsoft released Azure AD Domain Services, many questions have come up, and the most common one might be: Can I join my Windows 10 client to my domain over the internet and receive Group Policies? No, you can’t.
But besides this, there are other questions that remain to be answered, and I will try to do so.
The first thing to explain is what is required to get Azure AD Domain Services (AAD DS) up and running:
1. Create a group in Azure AD called “AAD DC Administrators”
2. Create a VNET in Azure if one does not already exist
3. Activate the AAD DS in the Azure Portal:
4. Update DNS Settings for the specific VNET
Now you are ready to go. For a more detailed explanation, refer to this Microsoft article.
Now you are able to:
But you are not able to:
Once everything is set up and you want to join your first machine to Azure AD Domain Services, make sure that you can ping your selected domain name. See this guide from Microsoft on joining an AAD DS domain: Join a Windows Server virtual machine to a managed domain
If you receive an error saying that your username and password are incorrect when joining the domain, check the following two options:
1. When using an Azure AD account, change the password of the account. Doing this lets Azure AD sync the hash of the password to AAD DS (outlined here)
2. When using a synced on-prem AD account, make sure that password sync is enabled within Azure AD Connect and that the passwords are synced successfully
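The pre-join check described above can be scripted. The following PowerShell is an added example, not taken from the original article or from Microsoft's guide; it goes beyond a plain ping by also checking the domain controller locator record and the LDAP and Kerberos ports. The domain name `aadds.example.com` and the function name `Test-ManagedDomainReachable` are constructed placeholders.

```powershell
# Added example: pre-join checks for an AAD DS managed domain.
# 'aadds.example.com' is a constructed placeholder; pass your own managed domain name.
param(
    [string]$Domain = 'aadds.example.com'
)

function Test-ManagedDomainReachable {
    param([Parameter(Mandatory)][string]$Domain)

    $result = [ordered]@{
        Domain = $Domain; DnsA = $false; DnsSrv = $false; Ldap = $false; Kerberos = $false
    }

    # 1. The domain name must resolve through the DNS servers set on the VNET.
    $a = Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue
    $result.DnsA = [bool]$a

    # 2. The domain controller locator record is queried during the join.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
    $result.DnsSrv = [bool]$srv

    # 3. LDAP (389) and Kerberos (88) must be reachable on the resolved address.
    $ip = ($a | Where-Object IPAddress | Select-Object -First 1).IPAddress
    if ($ip) {
        $result.Ldap = (Test-NetConnection -ComputerName $ip -Port 389 `
            -WarningAction SilentlyContinue).TcpTestSucceeded
        $result.Kerberos = (Test-NetConnection -ComputerName $ip -Port 88 `
            -WarningAction SilentlyContinue).TcpTestSucceeded
    }

    [pscustomobject]$result
}

$check = Test-ManagedDomainReachable -Domain $Domain
$check | Format-List

if ($check.DnsA -and $check.DnsSrv -and $check.Ldap -and $check.Kerberos) {
    # Prompts for an account from the managed domain, for example a member
    # of the "AAD DC Administrators" group. A credential error here, with all
    # checks above passing, points to the two password sync options listed above.
    Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
} else {
    Write-Warning "Fix the VNET DNS settings or network path before joining $Domain."
}
```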
Now let’s have a look at how you can configure Azure AD Domain Services. Just install the Remote Server Administration Tools on a virtual machine that is joined to the AAD DS domain, and log in to this machine with an AAD DS admin account. Afterwards you can start your management tools and manage AAD DS. Here is a view of ADUC:
Here is the DNS Console:
And this screenshot shows the Group Policy Management Console (gpmc.msc) for the Azure Active Directory Domain Services:
You can’t create your own GPOs, and you are not a Domain Admin:
This is very solid and usable in certain circumstances where a domain controller is required within Azure Infrastructure as a Service.