kumarkaushal-1277 asked prmanhas-MSFT commented

Azure Virtual desktop ->question

I have some questions on Azure Virtual Desktop and need help with the same:

1) When we create a host pool, there we have two options:

Select the directory you would like to join

- Active Directory
- Azure Active Directory

My understanding is: when you create an on-premises AD, you basically sync it to Azure AD using the AD Connect tool, and that is where all the users get synced.

Or you can also create your own domain controller in Azure and use AD Connect to sync with Azure AD. Or you can also use AD DS.

Does this mean that if I select Active Directory, I am adding my machine to the Active Directory configured with a VM, and that would create a computer within the Computers container? But my AD is in sync with Azure AD using AD Connect.

How are these two different?

2) Now, if I have made my on-premises sync with Azure Active Directory using AD Connect, and my domain name is XYZ.COM,

but I have also configured custom domain names like abc.com,

can I use Virtual Desktop to work with both the custom domain and the actual on-premises domain which has synced with Azure AD?

Not sure how we can even make this configuration. And to which domain will I join the host pool?

azure-virtual-desktop

@kumarkaushal-1277 Apologies for the delay in response and all the inconvenience caused because of the issue. I have reached out to our internal team on this and will keep you posted once I have an update.

Thanks


1 Answer

prmanhas-MSFT answered prmanhas-MSFT commented

@kumarkaushal-1277 I had a discussion internally and got the below response from our internal team:

1) If they select Active Directory in the portal when creating a host pool, they need to specify the FQDN of their AD domain and also, optionally, the OU path where the VM should land. If they don't specify an OU, it will land in the Computers container.

If this DC running in Azure is part of their on-premises AD as an additional DC, it doesn't make any difference. AD Connect sync is only required once. If they want to build up an isolated AD in Azure with DCs running as VMs, they can do that, but this would then require an additional sync and also, in most cases, a separate AAD tenant. Seems to be a lot of overhead.

2) AVD relies on the UPN, so as long as they configure the UPN properly to match between AAD and AD, it will work.

Hope it helps!!!

Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.
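The UPN match mentioned in point 2 can be checked before any session host is deployed. The following is an added example, not part of the original answer or of any Microsoft tooling: `Find-UpnSuffixMismatch` is a hypothetical helper, and the UPNs, domains and tenant name are constructed sample values. It relies on the fact that Azure AD Connect assigns the tenant's default `onmicrosoft.com` UPN to a synced user whose on-premises UPN suffix is not a verified domain in Azure AD, so those accounts end up with different UPNs in AD and AAD.

```powershell
# Added example: flag on-premises UPNs whose suffix is not a verified Azure AD domain.
# Find-UpnSuffixMismatch is a hypothetical helper; all sample values are constructed.
function Find-UpnSuffixMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $UserPrincipalName,
        [Parameter(Mandatory)] [string[]] $VerifiedDomain
    )
    # Case-insensitive set of the domains verified in the tenant.
    $verified = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$VerifiedDomain, [System.StringComparer]::OrdinalIgnoreCase)

    foreach ($upn in $UserPrincipalName) {
        $at = $upn.LastIndexOf('@')
        # A UPN needs a non-empty prefix and a non-empty suffix around '@'.
        if ($at -lt 1 -or $at -eq $upn.Length - 1) {
            [pscustomobject]@{ Upn = $upn; Suffix = $null; Issue = 'Malformed UPN' }
            continue
        }
        $suffix = $upn.Substring($at + 1)
        if (-not $verified.Contains($suffix)) {
            [pscustomobject]@{ Upn = $upn; Suffix = $suffix; Issue = 'Suffix not verified in Azure AD' }
        }
    }
}

# Constructed sample data modelled on the question: xyz.com is the on-premises
# domain, abc.com is a custom domain, xyz.local is a non-routable suffix.
$sampleUpns    = 'alice@xyz.com', 'bob@abc.com', 'carol@xyz.local', 'svc-backup'
$sampleDomains = 'xyz.com', 'abc.com', 'contoso.onmicrosoft.com'

Find-UpnSuffixMismatch -UserPrincipalName $sampleUpns -VerifiedDomain $sampleDomains |
    Format-Table -AutoSize

# Against a live environment the two inputs would come from:
#   (Get-ADUser -Filter 'UserPrincipalName -like "*"').UserPrincipalName
#   (Get-MgDomain | Where-Object IsVerified).Id
```

Accounts reported with an unverified suffix need either that suffix added and verified as a custom domain in Azure AD, or their on-premises UPN changed to a verified suffix, before the UPNs will match.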


@prmanhas-MSFT Thanks for your response.

1) Is there a requirement that we should have a DC on Azure or an ADDS implementation in Azure for Azure Virtual Desktop session host users to log in to session hosts that are joined to AD using Azure Active Directory?

2) If the answer to the above is YES, I have another question here. If my domain is XYZ.com and that is in sync with Azure AD using AD Connect, then the domain that I would configure in Azure ADDS will be the same XYZ.com; how is this going to work? I am not getting how this can even be implemented.

prmanhas-MSFT (reply to kumarkaushal-1277):

@kumarkaushal-1277 1) It is not a requirement to have a DC or ADDS running in Azure. When it comes to the use of Active Directory, AVD VMs require that they can reach a DC over the network; that DC/ADDS environment can be located on-premises and connected via ExpressRoute or S2S VPN. This on-premises AD DS needs to be synchronized to an Azure AD tenant using Azure AD Connect Sync.

2) As the answer is NO, I think it is not applicable.

You can refer to the below, since it will help you out with clarity over the concept:

https://www.policypak.com/resources/pp-blog/windows-virtual-desktop/

Hope it helps!!!

Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics


Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

