Domain joining an Azure VDI to a corporate Windows Server AD
Can you domain join an Azure VDI to a corporate Windows AD?
Yes. This works when Windows Server Active Directory Domain Services (AD DS) is synchronized with Azure Active Directory (AAD) using Azure Active Directory Connect. In this case:
- User identities are sourced from Windows Server AD
- Virtual Desktops are domain joined to Windows Server AD
Fileshares (corporate fileshare from an Azure VDI)?
- On-premises AD DS authentication: Yes, domain-joined machines or VMs are required to access Azure file shares. The domain controllers must be set up on-premises or on Azure VMs. The domain-joined clients must be within the domain service’s corporate network or virtual network (VNET).
- Microsoft Entra Domain Services authentication: Yes, non-domain-joined VMs can access Azure file shares if they have network connectivity to the domain controllers. The user accessing the file share must have an identity in the Microsoft Entra Domain Services managed domain.
- Windows File Explorer: Yes, if you’re logged on to a domain-joined Windows client, you can use Windows File Explorer to grant permissions to files and directories.
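The conditions listed above (domain join state, network connectivity to a domain controller, and reachability of the file share) can be checked from the virtual desktop before troubleshooting share permissions. The following PowerShell is an added example, not from the original page; the storage account and domain names are placeholders, and the `file.core.windows.net` suffix assumes the Azure public cloud.

```powershell
# Pre-flight check for identity-based access to an Azure file share.
# Assumptions (placeholders, not from the original page):
#   $StorageAccount - storage account that hosts the Azure file share
#   $DomainName     - DNS name of the AD DS or Entra Domain Services domain
param(
    [string]$StorageAccount = 'examplestorageacct',   # placeholder
    [string]$DomainName     = 'corp.example.com'      # placeholder
)

$results = [ordered]@{}

# 1. Is this machine domain joined, and to which domain?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results['DomainJoined'] = $cs.PartOfDomain
$results['JoinedDomain'] = if ($cs.PartOfDomain) { $cs.Domain } else { '(none)' }

# 2. Can DNS locate domain controllers for the domain (SRV lookup)?
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
           -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' }
$dcs = @($srv | ForEach-Object { $_.NameTarget } | Where-Object { $_ } |
         Select-Object -Unique)
$results['DomainControllersFound'] = $dcs.Count

# 3. Is at least one DC reachable on Kerberos (88) and LDAP (389)?
$dcReachable = $false
foreach ($dc in $dcs) {
    $kerb = Test-NetConnection -ComputerName $dc -Port 88  -WarningAction SilentlyContinue
    $ldap = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue
    if ($kerb.TcpTestSucceeded -and $ldap.TcpTestSucceeded) {
        $dcReachable = $true
        break
    }
}
$results['DomainControllerReachable'] = $dcReachable

# 4. Is the Azure Files SMB endpoint reachable on TCP 445?
$endpoint = "$StorageAccount.file.core.windows.net"
$smb = Test-NetConnection -ComputerName $endpoint -Port 445 -WarningAction SilentlyContinue
$results['SmbReachable'] = $smb.TcpTestSucceeded

[pscustomobject]$results | Format-List
```

A machine that reports `DomainJoined : False` can still satisfy the Microsoft Entra Domain Services case as long as `DomainControllerReachable` and `SmbReachable` are both `True`.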
What is the alternative to joining to the Corporate AD?
Summary
Domain joining an Azure VDI to a Windows Server AD is possible – as is joining to an Azure AD (Entra) only domain.