0

I've no experience deploying domain services from Azure/Intune, just plenty of experience with an on-prem domain controller.

I have a client here who has an Azure tenant, O365 and a domain setup. I'm trying to deploy identity management/domain services and join 8 laptops to the domain.

The problem I'm having is I can't seem to figure out how this works. Everything I read states that I need to be signed into the computer with a Microsoft account; however, when I try to log in with one of the users I've created in Azure (name@domain.com) it says that isn't a valid Microsoft account (which it's not; it's a user created in Azure).

I don't want the computers signed in with a Microsoft account, I'm trying to emulate the same behavior as an on-prem domain controller, where the users can sign into any of these laptops with their users created in Azure.

What am I missing here?

boog
    Off topic: Questions should demonstrate reasonable information technology management practices. Questions that relate to unsupported hardware or software platforms or unmaintained environments may not be suitable for Server Fault. - maybe hire someone competent? "I have no idea how to do something basic" and "trying to figure out" but not "reading documentation" is a little, you know, not best practices. – TomTom Aug 12 '23 at 21:51

2 Answers

2

Azure AD service, aka Azure ADDS, which needs an Azure AD Premium P2 account, will need an Azure login type.

I suggest doing the OOBE correctly to have them inside your tenant; otherwise you need a local account with their Azure account attached to the login, which is a pain to maintain in the long run. It's probably that headache you hit when trying the login.

If you want a true AD-style login but have no physical server, then you need a VM in Azure with the AD role, with a site-to-site VPN to make the domain act like you want, but there is more cost behind that.

yagmoth555
  • Thank you for the information. Yes, the accounts were never used to join the domain during OOBE; that sounds like the hangup I'm running into. There are currently local accounts. There's only a total of 10 PCs and I won't be managing these devices in the future, so I'm not worried about ease of management; they simply want to be able to authenticate/log in to the PCs using their Azure accounts. Thanks again, looks like I'll have to figure this out – boog Aug 13 '23 at 19:06
1

Just as with traditional AD DS, you need to join the computer to Azure AD to be able to log in with an Azure AD user account.

https://petri.com/how-to-join-windows-10-to-azure-active-directory/

joeqwerty
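Both answers turn on whether each laptop is actually joined to the tenant or only has a work account attached to a local profile. The following is an added example, not code from either answer: it classifies a device from the output of the built-in `dsregcmd /status` command. The function name `Get-JoinState` is hypothetical and the sample output is constructed.

```powershell
# Added example. Get-JoinState is a hypothetical helper name.
function Get-JoinState {
    param([string[]]$StatusLines)

    # dsregcmd prints "Key : Value" pairs; collect them (box-drawing lines are skipped).
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'

    if     ($aad -and $domain) { $state = 'Hybrid joined (on-prem AD + Azure AD)' }
    elseif ($aad)              { $state = 'Azure AD joined' }
    elseif ($domain)           { $state = 'On-prem domain joined only' }
    elseif ($wpj)              { $state = 'Registered only: work account attached to a local profile' }
    else                       { $state = 'Not joined' }

    [pscustomobject]@{
        State      = $state
        TenantName = $fields['TenantName']
        # AzureAdPrt is YES only when the signed-in user holds an Azure AD token.
        SignedInWithTenantUser = ($fields['AzureAdPrt'] -eq 'YES')
    }
}

# Constructed sample: a laptop set up with a local account and a work account added later.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : YES
                AzureAdPrt : NO
'@ -split '\r?\n'

Get-JoinState $sample
# On a real laptop: Get-JoinState (dsregcmd /status)
```

A device reporting "Registered only" or "Not joined" will reject a tenant user at the Windows sign-in screen until it is joined.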