Is this content up to date? "Azure Virtual Desktop VMs must domain-join an AD DS service"

Brett Jordan 0 Reputation points
2024-12-19T03:44:16.6366667+00:00

"Azure Virtual Desktop VMs must domain-join an AD DS service" Is it not now possible to use Entra ID join only?


1 answer

  1. Navya Tipparapu 240 Reputation points Microsoft Vendor
    2024-12-19T08:43:02.62+00:00

    Hi Brett Jordan,

    Thank you for reaching out to the Microsoft Q&A forum.
    However, now it is possible to join AVD VMs to Azure Active Directory (Azure AD, now called Entra ID) instead of AD DS. This means you can manage your virtual desktops using cloud-based identity services without needing to rely on traditional on-premises Active Directory.

    So, to answer your question: It is no longer necessary to domain-join AVD VMs to AD DS. You can use Entra ID (Azure AD) for identity management instead.
    For more information you can go through this link https://learn.microsoft.com/en-us/azure/virtual-desktop/azure-ad-joined-session-hosts.

    Here’s a basic troubleshooting guide for AVD VMs if you're experiencing issues with domain joining, whether through Azure AD Join or AD DS Join:

    1. Check the Domain Join Type
       - Azure AD Join: Verify that you've set up the VM to join Azure Active Directory (Entra ID), not an on-prem traditional domain.
       - AD DS Join: If using Active Directory Domain Services, ensure the VM is correctly set to join your on-prem AD domain.
    2. Check Network Connection
       - Azure AD Join: Ensure the VM can connect to Azure AD via the internet.
       - AD DS Join: For AD DS, make sure the VM can connect to your on-prem Active Directory over the network.
    3. Check Permissions
       - Azure AD Join: The joining user should have adequate permissions in Azure AD.
       - AD DS Join: Should have permissions to join the domain in their Active Directory.
    4. Check DNS Settings
       - Azure AD Join: Ensure that the VM has a route to Azure AD DNS.
       - AD DS Join: Check if the VM is pointed to the correct DNS server for AD.
    5. Check the Time
       - Both Azure AD Join and AD DS Join will require the VM's time to be correct and synched with the domain controller or Azure AD.
    6. Verify Firewall or Group Policy
       - Verify that the firewall in the VM is not blocking the join.
       - If using AD DS, verify Group Policy is not preventing domain join.
    7. Verify Error Messages
       - If the domain join fails, look for evidence in Event Viewer or Azure AD logs. Messages such as "DNS resolution failed" or "Insufficient permissions" might be helpful.

    This can usually be identified and corrected by just following these simple steps for domain-joining your Azure Virtual Desktop VMs.

    If you have any further questions, please feel free to reach out. I hope the information provided has been useful to you! If so, kindly click on "Accept Answer" or "Upvote" to acknowledge the response. Your feedback is greatly appreciated and will help others with similar queries. Thank you for contributing to improving Microsoft Q&A!
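
The checklist in the answer above can be run as one read-only diagnostic pass on a session host. This is an added example, not part of the original answer or Microsoft's own tooling; the endpoint host names, the event log name, the `NetSetup.log` path and the `$targetDomain` variable are assumptions that do not appear on the page.

```powershell
# Added example: read-only checks for the join-troubleshooting steps above.
# Run in an elevated PowerShell session on the AVD session host.

# Step 1: join type, parsed from the "Key : Value" lines of dsregcmd /status.
$state = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
$entraJoined = $state['AzureAdJoined'] -eq 'YES'
$adJoined    = $state['DomainJoined']  -eq 'YES'
"Entra joined: $entraJoined   AD DS joined: $adJoined"

# Steps 2, 4, 6 (Entra join): DNS resolution and outbound TCP 443 to the
# device registration endpoints (assumed list, adjust for sovereign clouds).
$endpoints = 'login.microsoftonline.com', 'enterpriseregistration.windows.net'
foreach ($h in $endpoints) {
    $dns = [bool](Resolve-DnsName -Name $h -ErrorAction SilentlyContinue)
    $tcp = $false
    if ($dns) {
        $tcp = Test-NetConnection -ComputerName $h -Port 443 `
                   -InformationLevel Quiet -WarningAction SilentlyContinue
    }
    '{0,-40} DNS={1} TCP443={2}' -f $h, $dns, $tcp
}

# Steps 2, 4 (AD DS join): can the VM locate a domain controller through DNS?
# $targetDomain is hypothetical; set it by hand if the join has not succeeded yet.
$cs = Get-CimInstance Win32_ComputerSystem
$targetDomain = if ($cs.PartOfDomain) { $cs.Domain } else { $null }
if ($targetDomain) { nltest /dsgetdc:$targetDomain }

# Step 5: time source and last successful sync.
w32tm /query /status

# Step 7: recent errors (Level 2) and warnings (Level 3) from device registration,
# then the tail of the AD DS join log if one exists.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-User Device Registration/Admin'; Level = 2, 3
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -Wrap

$netSetup = Join-Path $env:windir 'debug\NetSetup.log'
if (Test-Path $netSetup) { Get-Content $netSetup -Tail 20 }
```

A host that reports `DNS=True TCP443=False` points at the firewall or proxy step rather than at DNS, which narrows down where to look in the list above.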

