So, for Windows Virtual Desktop, you need a typical domain controller, that's in sync with AAD. Buuuut... some of our clients don't have a traditional domain at all (except AAD).
I've been trying to find a procedure to populate a fresh/new domain controller, with directory information FROM an existing AAD. Not surprisingly, most documentation I've found in the usual searching relates to setting up AD sync and going the other way.
We need the AAD to be the authority, and the DC to get all its information from that. If the answer is "script the user/group creation for your DC from AAD, and then get AD sync working bi-directional", that's fine - but hoping there's a better/right way?