Populate a fresh domain controller, from Azure Active Directory?

Question

Hi all

So, for Windows Virtual Desktop, you need a typical domain controller, that's in sync with AAD. Buuuut... some of our clients don't have a traditional domain at all (except AAD).

I've been trying to find a procedure to populate a fresh/new domain controller, with directory information FROM an existing AAD. Not surprisingly, most documentation I've found in the usual searching relates to setting up AD sync and going the other way.

We need the AAD to be the authority, and the DC to get all its information from that. If the answer is "script the user/group creation for your DC from AAD, and then get AD sync working bi-directional", that's fine - but hoping there's a better/right way?

Answer 1

@AndrewWilliamson-1240 You should consider using Azure AD Domain Services in that case. Advantage of using Azure ADDS is all the users and groups which are created in AAD will automatically be synced to Azure ADDS and you don't need to install and configure AD Connect for synchronization between these directories.

Additionally, while creating an instance of Azure AD Domain Services, you have to select/create a Virtual Network. Make sure you use the same virtual network during the deployment of WVD, so that you don't need to do any additional configuration to locate DC during WVD domain join process.

-----------------------------------------------------------------------------------------------------------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.