Hi,
I have enabled the AADLogonForWindows extension on a Windows Server 2021 Datacentre edition Azure VM I have created. I have been able to log on without any errors using my Tenant Active Directory credentials. It works perfectly.
All well and good. Of course this is fine for administrator sessions (up to two RDP sessions to this server are permitted for ongoing administration purposes).
I of course am looking to use this facility to allow standard users to access the server configured in this way to have standard user workload sessions. In order to allow licensed users to initiate standard user sessions on the server I would have to enable the RDS required roles on the server (to provide the necessary Licensing, Broker, etc. RDS functions required). This is where the brick wall is hit. I am unable to deploy the RDS roles required as the server is of the opinion that the server is not Active Directory joined (although it is through the AADLogonForWindows extension configuration and is shown as joined in the Active Directory list of devices).
Must I join the server to the Active Directory in another way? Must I join the VM to an Azure Active Directory Directory services service that I implement in a subnet addressable to the VM/s in question?
So this facility is very nice - but seems to be purely for those who require administration sessions (up to two concurrent) on the server.
Or am I missing the point?
Does RDS work differently with the AADLogonForWindows extension installed? I would appreciate some reference to the appropriate way of configuring RDS to work with the intended benefits of the AADLogonForWindows extension's installed features.