0 Votes
DirkManderin-7278 asked ·

Azure AD joined computers and long periods with no Internet

I have a remote site in a hurricane prone region. If they get hit, they could have no Internet access for weeks at a time. Our environment consists of Active Directory synced to Azure AD. Computers are Azure AD joined. Currently they have two file / application servers that are AD joined and one domain controller, all running in Hyper-V. If they lose internet access (so no Azure access either) for a few weeks:

Even though their computers are Azure AD joined (not hybrid), and the users log in via Azure AD, would they be able to authenticate against their local DC if they couldn't connect to Azure?

If the above is true: the DC is currently read-write, which I'm not a big fan of, since this is a very small office with minimal security. Are there any limitations if they have a read-only DC instead and their office loses internet connectivity for a long period, so the RO DC can't talk to the other DC VMs in Azure?

azure-active-directory

1 Answer

0 Votes
vipulsparsh-MSFT answered ·

@DirkManderin-7278 They can log in, but you need to understand that this is not the best security practice. Under the circumstances, if you must do it, you can enable cached logon for Windows, where the users can log in to the machine using the cached credential without needing a DC to authenticate.

Read more about it here : https://docs.microsoft.com/en-US/troubleshoot/windows-server/user-profiles-and-logon/cached-domain-logon-information
Things might break if there is a password reset scenario.
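The cached-logon setting the answer refers to lives in the Winlogon registry key as the REG_SZ value `CachedLogonsCount` (default 10, valid range 0 to 50; the Group Policy security option "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" writes the same value). The script below is an added example, not code from the original post or from Microsoft, showing how to read the current value on a workstation, raise it, and check the device's join state with `dsregcmd`. The helper names `Get-CachedLogonsCount` and `Set-CachedLogonsCount` and the headcount of 20 are assumptions for illustration; run it in an elevated PowerShell session on the target machine.

```powershell
# Added example (not from the original post): inspect and adjust the Windows
# cached-logon count so users can still sign in while no DC / Azure AD is reachable.
# Run elevated on the workstation you want to change.

$winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$valueName = 'CachedLogonsCount'   # REG_SZ; valid range 0-50; Windows default is 10

# Hypothetical helper: read the effective value, falling back to the Windows default
# when the value has never been written.
function Get-CachedLogonsCount {
    $item = Get-ItemProperty -Path $winlogon -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 10 }
    return [int]$item.$valueName
}

# Hypothetical helper: write the value. It must be stored as a string (REG_SZ),
# not a DWORD, or Winlogon ignores it.
function Set-CachedLogonsCount {
    param([ValidateRange(0, 50)][int]$Count)
    Set-ItemProperty -Path $winlogon -Name $valueName -Value ([string]$Count) -Type String
}

# 1. Show the current setting and confirm how the device is joined.
"Current $valueName = $(Get-CachedLogonsCount)"
dsregcmd /status | Select-String -Pattern 'AzureAdJoined|DomainJoined|DomainName'

# 2. Raise the cache so every user who normally signs in at the site keeps an entry.
#    Assumption: at most 20 distinct users share these PCs; set this to the real headcount.
Set-CachedLogonsCount -Count 20
"New $valueName = $(Get-CachedLogonsCount)"

# 3. Sanity check: 0 disables cached logons entirely, which would lock everyone out
#    during an outage. Fail loudly if some policy has pushed that value.
if ((Get-CachedLogonsCount) -eq 0) {
    throw "Cached logons are disabled on this machine; users cannot sign in without a DC."
}
```

Windows only refreshes a user's cached entry on a successful online sign-in, so each user who must work through an outage needs to have signed in on that specific machine at least once while connectivity was up, and after a password reset the cache still holds the old password until the next online sign-in (the "password reset scenario" the answer warns about).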