As of October 2016, joining Windows 10 computers to Azure AD Domain Services requires these steps:
- Create a VNET in the classic portal. The VNET must be placed in a region where Azure AD Domain Services is available (https://azure.microsoft.com/en-us/regions/services/)
- In the classic portal go to Directory -> Configure and enable the domain service, then wait about 30 minutes
- When provisioning completes, the IP address will be populated
- Go back to the VNET configuration and add a DNS server with the IP (10.0.0.4 in this case)
- Create the "AAD DC Administrator" administrators group (again in Directory -> Group). Members of this group are granted administrative privileges on machines that are domain-joined to the Azure AD Domain Services managed domain.
- Add the users who should have administrative access to the group
- On a Windows 10 computer go to Settings -> Accounts (this is true for Windows 10 version 1607)
- then select 'Access work or school' and click on Connect
- On the next screen click on "Join this device to Azure Active Directory"
- Enter your email address (from Azure AD user) and password
To connect to the VM running Windows 10, a couple of changes are required.
- Disable 'Network Level Authentication' on the Windows 10 computer (clear the checkbox below)
- In the RDP file add these two lines:
enablecredsspsupport:i:0
authentication level:i:2
- Now log into the Windows 10 VM with Azure credentials using this format:
AzureAD\<your email address>
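The RDP file edit above can be scripted. The following is an added example, not part of the original post: it sets the two settings in an existing .rdp file, replacing any existing values and keeping the file's encoding (files saved by mstsc are typically UTF-16 LE with a BOM). `enablecredsspsupport:i:0` turns off CredSSP for the connection and `authentication level:i:2` makes the client warn when server authentication fails, so apply them to a connection file used only for this VM. The function names and the sample host name are assumptions.

```python
import sys

BOM_UTF16_LE = b"\xff\xfe"

# The two settings from the steps above, as name -> (type, value).
REQUIRED = {
    "enablecredsspsupport": ("i", "0"),
    "authentication level": ("i", "2"),
}

def patch_rdp_bytes(raw: bytes) -> bytes:
    """Return .rdp content with both settings applied, preserving the encoding."""
    if raw.startswith(BOM_UTF16_LE):          # typical for files saved by mstsc
        enc, bom, body = "utf-16-le", BOM_UTF16_LE, raw[2:]
    else:                                     # hand-written files: ASCII/UTF-8
        enc, bom, body = "utf-8", b"", raw
    text = body.decode(enc)
    newline = "\r\n" if "\r\n" in text else "\n"
    out, seen = [], set()
    for line in text.splitlines():
        # .rdp lines have the form name:type:value
        name = line.split(":", 1)[0].lstrip("\ufeff").strip().lower()
        if name in REQUIRED:
            if name in seen:
                continue                      # drop duplicate definitions
            typ, val = REQUIRED[name]
            line = f"{name}:{typ}:{val}"      # overwrite whatever value was there
            seen.add(name)
        out.append(line)
    for name, (typ, val) in REQUIRED.items():
        if name not in seen:                  # setting was absent: append it
            out.append(f"{name}:{typ}:{val}")
    return bom + (newline.join(out) + newline).encode(enc)

def patch_rdp_file(path: str) -> None:
    """Rewrite the .rdp file at `path` in place."""
    with open(path, "rb") as f:
        patched = patch_rdp_bytes(f.read())
    with open(path, "wb") as f:
        f.write(patched)

if __name__ == "__main__":
    if len(sys.argv) == 2:
        patch_rdp_file(sys.argv[1])
    else:
        # Constructed sample input (host name is a placeholder).
        sample = "full address:s:win10vm.example.net\r\nenablecredsspsupport:i:1\r\n"
        print(patch_rdp_bytes(sample.encode("utf-8")).decode("utf-8"))
```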
If you have an Office 365 subscription, then you can access it without being prompted for credentials (a true SSO experience).