Hello Mountain
Running an application on a machine that is not joined to the domain (in a workgroup or Azure AD joined) with credentials from your on-prem Active Directory can be a bit challenging due to the lack of a direct trust relationship between the non-domain-joined machine and the domain controller. Here are a few options you can explore to achieve this:
1. Using /netonly option: The /netonly option with runas allows you to run a program on a workgroup machine with domain user credentials for network resources. While using this option, you may still need to provide valid domain credentials when accessing domain resources. This option does not authenticate you to the domain when you run the command.
Example:
2. Create a credential for the domain user: You can create a PSCredential object with the domain user's credentials in PowerShell and then use the -Credential parameter to run the application with those credentials.
Example:
$Cred = Get-Credential   # prompts for DOMAIN\user and password, returns a PSCredential object
Start-Process -FilePath "C:\Path\To\App.exe" -Credential $Cred   # placeholder path: substitute the application's executable
3. Use Remote Desktop: If the application can be accessed remotely, you could consider using Remote Desktop to connect to a machine that is part of the domain and run the application there with domain credentials.
4. Establish a trust relationship: If possible, you may consider establishing a trust relationship between the workgroup or Azure AD joined environment and the on-prem Active Directory domain. This would allow for seamless authentication and access between the machines.
5. Consider VPN: If possible, establish a VPN connection from the workgroup or Azure AD joined machine to the on-prem network to facilitate domain authentication.
6. Third-party tools: There are third-party tools available that can help with running applications as a domain user on non-domain-joined machines. Tools like Specops Gpupdate, BeyondTrust, or ManageEngine ADManager Plus could offer solutions to tackle this scenario.
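As an added example (not part of the answer above): option 1's /netonly behaviour implemented directly through CreateProcessWithLogonW with the LOGON_NETCREDENTIALS_ONLY logon type, so the PSCredential from option 2 can be used without typing the password into runas. It assumes Windows PowerShell 5.1 or later on Windows; the function name, the NetOnly namespace and the application path are placeholders of this example.

```powershell
# Added example, not from the original answer: start a process using the same
# logon type as "runas /netonly", fed from a PSCredential (names are hypothetical).
Add-Type -Namespace NetOnly -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct STARTUPINFO {
    public int cb; public string lpReserved; public string lpDesktop; public string lpTitle;
    public int dwX; public int dwY; public int dwXSize; public int dwYSize;
    public int dwXCountChars; public int dwYCountChars; public int dwFillAttribute;
    public int dwFlags; public short wShowWindow; public short cbReserved2;
    public IntPtr lpReserved2; public IntPtr hStdInput; public IntPtr hStdOutput; public IntPtr hStdError;
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION {
    public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId;
}
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CreateProcessWithLogonW(
    string lpUsername, string lpDomain, string lpPassword, int dwLogonFlags,
    string lpApplicationName, string lpCommandLine, int dwCreationFlags,
    IntPtr lpEnvironment, string lpCurrentDirectory,
    ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
'@
function Start-ProcessNetOnly {
    param(
        [Parameter(Mandatory)][pscredential]$Credential,   # DOMAIN\user or user@domain
        [Parameter(Mandatory)][string]$CommandLine
    )
    $LOGON_NETCREDENTIALS_ONLY = 0x2   # creds used for outbound network auth only, not validated now
    $CREATE_NEW_CONSOLE = 0x10
    # GetNetworkCredential() splits DOMAIN\user and exposes the password in clear
    # text, which the Win32 API requires; keep $net scoped to this function.
    $net = $Credential.GetNetworkCredential()
    $domain = if ($net.Domain) { $net.Domain } else { $null }   # UPN logons need a null domain
    $si = [NetOnly.Native+STARTUPINFO]::new()
    $si.cb = [Runtime.InteropServices.Marshal]::SizeOf([NetOnly.Native+STARTUPINFO])
    $procInfo = [NetOnly.Native+PROCESS_INFORMATION]::new()
    $ok = [NetOnly.Native]::CreateProcessWithLogonW(
        $net.UserName, $domain, $net.Password, $LOGON_NETCREDENTIALS_ONLY,
        $null, $CommandLine, $CREATE_NEW_CONSOLE, [IntPtr]::Zero, $null, [ref]$si, [ref]$procInfo)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw [ComponentModel.Win32Exception]::new($err)
    }
    return $procInfo.dwProcessId   # PID of the new process
}
# Usage. The new process's token is still the local user's (whoami shows the local
# account); only SMB/LDAP/Kerberos traffic to the domain carries the domain credential.
# A mistyped password shows up as an access failure on first network use, not here.
$cred = Get-Credential -Message 'Enter DOMAIN\user (used for network access only)'
Start-ProcessNetOnly -Credential $cred -CommandLine 'C:\Path\To\App.exe'   # placeholder path
```

Because the credential is never validated at launch, treat a subsequent "access denied" from the application as a likely credential or name-resolution problem before suspecting permissions on the target resource.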