ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Azure AD and OnPrem Windows Server 2016

    Scheduled Pinned Locked Moved IT Discussion
    59 Posts 4 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender
      last edited by

      Does server 2016 support win10 style Azure AD connections?

      bigbearB 1 Reply Last reply Reply Quote 0
      • bigbearB
        bigbear @Dashrender
        last edited by

        @Dashrender apparently yes, but online from within an Azure virtual network on an Azure VM.

        Start at 9:55 and watch as they magically swipe AD off for AAD...

        Youtube Video

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @bigbear
          last edited by

          @bigbear said in Azure AD and OnPrem Windows Server 2016:

          It seems the only option is a VPN or to run your server on Azure.

          Something is CLEARLY wrong here. Azure AD doesn't support the use of VPNs and there is no possible way to run your own server on Azure for Azure AD. These aren't possible and don't make any sense if you know what Azure AD is. I think there is some underlying confusion here.

          bigbearB 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @bigbear
            last edited by

            @bigbear said in Azure AD and OnPrem Windows Server 2016:

            Has anyone tried to deplot a Vultr Server 2016 VM and connect it to Azure AD ... or even an OnPrem server (same difference)

            Azure AD has no on-prem option.

            bigbearB 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              I'm not sure if Azure AD is available for RDS yet or not.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Microsoft's documentation is so poor, and every product has "AD" or "Azure" in it, there is no way to search for any docs on it.

                1 Reply Last reply Reply Quote 0
                • bigbearB
                  bigbear @scottalanmiller
                  last edited by

                  @scottalanmiller said in Azure AD and OnPrem Windows Server 2016:

                  @bigbear said in Azure AD and OnPrem Windows Server 2016:

                  It seems the only option is a VPN or to run your server on Azure.

                  Something is CLEARLY wrong here. Azure AD doesn't support the use of VPNs and there is no possible way to run your own server on Azure for Azure AD. These aren't possible and don't make any sense if you know what Azure AD is. I think there is some underlying confusion here.

                  Azure VPN (I'm referring to site to site)
                  https://azure.microsoft.com/en-us/services/vpn-gateway/

                  I don't know where you got that I want to run an "Azure AD Server". I want to avoid running a normal AD server entirely in my RDS deployment.

                  Azure AD can be used as a replacement for AD to join an RDS server, but apparently only if you run your RDS server on an Azure VM. You have to connect it to your Azure Virtual Network. In the video above the Microsoft RDS guy is showing this.

                  If I were to run a RDS server on Vultr it would be considered "onprem" from the view of Azure AD. Or if I were to run RDS server in-house I would love to avoid deploying abnormal AD server here.

                  scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • bigbearB
                    bigbear @scottalanmiller
                    last edited by

                    @scottalanmiller said in Azure AD and OnPrem Windows Server 2016:

                    @bigbear said in Azure AD and OnPrem Windows Server 2016:

                    Has anyone tried to deplot a Vultr Server 2016 VM and connect it to Azure AD ... or even an OnPrem server (same difference)

                    Azure AD has no on-prem option.

                    I am not talking about deploying Azure AD on Orem, rather connecting a Server 2016 box to Azure AD the way that Windows 10 and other devices can be connected.

                    Once I saw server 2016 can join Azure AD I got excited. But it seems it's only currently possible if you run an Azure VM and connect Azure AD on your Azure Virtual Network.

                    Leading me to wonder if the Azure Gateway VPN could be used to connect a non-Azure network (premise or Vultr) with Azure AD using a site-to-site link.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @bigbear
                      last edited by

                      @bigbear said in Azure AD and OnPrem Windows Server 2016:

                      @scottalanmiller said in Azure AD and OnPrem Windows Server 2016:

                      @bigbear said in Azure AD and OnPrem Windows Server 2016:

                      It seems the only option is a VPN or to run your server on Azure.

                      Something is CLEARLY wrong here. Azure AD doesn't support the use of VPNs and there is no possible way to run your own server on Azure for Azure AD. These aren't possible and don't make any sense if you know what Azure AD is. I think there is some underlying confusion here.

                      Azure VPN (I'm referring to site to site)
                      https://azure.microsoft.com/en-us/services/vpn-gateway/

                      I know, but Azure AD doesn't go over that.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @bigbear
                        last edited by

                        @bigbear said in Azure AD and OnPrem Windows Server 2016:

                        Azure AD can be used as a replacement for AD to join an RDS server, but apparently only if you run your RDS server on an Azure VM. You have to connect it to your Azure Virtual Network. In the video above the Microsoft RDS guy is showing this.

                        From what I could find, this looks to only be the case if you add an AD server to the mix and have RDS talk to AD rather than to Azure AD.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @bigbear
                          last edited by

                          @bigbear said in Azure AD and OnPrem Windows Server 2016:

                          Once I saw server 2016 can join Azure AD I got excited. But it seems it's only currently possible if you run an Azure VM and connect Azure AD on your Azure Virtual Network.

                          I saw that too, but it looked like it was using traditional AD domains, not Azure AD.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            That video shows Azure AD AP and Azure AD DS, not straight Azure AD. Azure AD DS is using a real AD Server that is synced to Azure AD to deliver traditional AD, but with Azure AD controlling it. So if that is what you are basing the availability off of, that's actually RDS just on traditional AD, not Azure AD.

                            1 Reply Last reply Reply Quote 2
                            • bigbearB
                              bigbear
                              last edited by

                              He talks in the video above about elminating the need for AD servers and shows a cloud-only deployment of RDS, skip to minute 9:55

                              You maybe right. I'm starting to think about just ordering in a server and running an on-prem RDS. I'm about to attempt a deployment of Azure AD and an Azure VM with RDS and will report back.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @bigbear
                                last edited by

                                @bigbear said in Azure AD and OnPrem Windows Server 2016:

                                He talks in the video above about elminating the need for AD servers and shows a cloud-only deployment of RDS, skip to minute 9:55

                                I watched that. Like all MS videos, I think it's just marketing. Yes YOU don't need to run an AD server, MS runs it for you. That's how they "eliminate" it. But he then shows RDS talking to AD, not Azure AD, as how it works. So I'm pretty sure he just means that it's AD.

                                1 Reply Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  Or you could use a Linux AD server on Vultr. But that's still old school AD. Just cheaper. This is really a huge limitation of RDS, that's the core problem. It doesn't have Windows 10's authentication options.

                                  1 Reply Last reply Reply Quote 2
                                  • bigbearB
                                    bigbear
                                    last edited by

                                    Once again, you are correct lol. Man

                                    I tried deploying a private network on Vultr last night, an AD vm and a RDS vm.

                                    The AD vm ends up multihomed with an external and an internal interface. Apparently internet access is direct for each VM even when you have a private network, it just adds the private adapter. So you couldn't disable the external interface or you'd lose internet access. (Per tech support).

                                    My last ad deployments on premise was a .local domain. Based on previous feedback here we are back to using split DNS and the actual .com?

                                    Not sure how I would do it all on Vultr and remain secure.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @bigbear
                                      last edited by

                                      @bigbear said in Azure AD and OnPrem Windows Server 2016:

                                      So you couldn't disable the external interface or you'd lose internet access. (Per tech support).

                                      Nothing wrong with that, might be the way to go.

                                      bigbearB 1 Reply Last reply Reply Quote 0
                                      • bigbearB
                                        bigbear @scottalanmiller
                                        last edited by

                                        @scottalanmiller only issue that came to mind was updates.

                                        scottalanmillerS bigbearB 2 Replies Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @bigbear
                                          last edited by

                                          @bigbear said in Azure AD and OnPrem Windows Server 2016:

                                          @scottalanmiller only issue that came to mind was updates.

                                          Yup, of course an issue. The solution there, and this isn't that great, is that you either use WSUS for Windows or a local mirror for Linux.

                                          bigbearB 1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            Which means another server and more of a pain.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post