Windows Remote Management for Azure Active Directory Connect
Article
Applies To: Azure
For the Single sign-on (SSO) with AD FS option, configure Windows Remote Management as follows to enable remote management from the server that runs Azure Active Directory Connect to a non-domain joined server that runs the Web Application Proxy role.
On the target server that runs the Web Application Proxy role
Ensure Windows Remote Management/WS-Management service (WinRM) is running via the Services snap-in.
In an elevated Windows PowerShell session, run Enable-PSRemoting –force.
In DNS
Create a host (A) record for the host name of the DMZ server. This results in a DNS entry for the FQDN, such as dmzhost1.contoso.com.
On the server where Azure Active Directory Connect is running (if the target machine is non-domain joined or in an untrusted domain)
In an elevated Windows PowerShell session, run Set-Item WSMan:\localhost\Client\TrustedHosts –Value <DMZServerFQDN> -Force –Concatenate
In Server Manager
Add the DMZ Web Application Proxy host to machine pool (Server Manager -> Manage -> Add Servers...use DNS tab).
In Server Manager on the All Servers tab, right-click the Web Application Proxy server and choose Manage As.... Enter local administrator credentials (not a domain account) for the Web Application Proxy server.
Validate remote Windows PowerShell connectivity. In the Server Manager, on the All Servers tab, right-click the Web Application Proxy server and choose Windows PowerShell. A remote Windows PowerShell session should open to ensure remote sessions can be established.