So, here is the environment:
- A bunch of Windows servers in EC2 instances in AWS (1, 2, 3, x, ...)
- A DC EC2 instance in AWS as well, which we will call DC01.
- DC01 has Azure Connect, works fine and appears in the Azure portal as "Hybrid Azure AD joined".
- Servers joined to the domain on DC01 also appear in the Azure portal as "Hybrid Azure AD joined".
- My local machine is also joined to the same AAD in the same tenant.
- I can RDP to the servers and log in with credentials from the local domain.
- I cannot RDP and log in with credentials from Azure.
- There is mention of an extension in Azure for VMs in Azure. But what about EC2 in AWS?
I tried:
- Modifying the RDP file with:
address:s:IPADDRESS:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME@DOMAIN.onmicrosoft.com | USERNAME@DOMAIN.com
domain:s:AzureAD
- Modifying the login user:
azuread\username
azuread\username@domain.com
username@domain.com
username
- Deactivating Network Level Authentication. But I still can't log in, as it says the user or password is incorrect.
So the only thing left would be to import the users from Azure AD to the AD DS in DC01. But this would be so wack.
Recommendations and guides will be appreciated. I have followed the documentation from Microsoft, but this is not explained.
- So I assume it is not possible? Or just not intuitive?
- Do the users in Azure AD need an object of type user in the on-premises AD? If so, can it be something not paired or that does not write to Azure?
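The .rdp settings tried above (CredSSP off, authentication level 2, no credential prompt) each lower the protection of the session. As an added example, not part of the original post, here is a small parser for the `key:type:value` .rdp format that reports those weakened settings; the sample file content is constructed from the settings listed in the post, and the `IPADDRESS`/`USERNAME`/`DOMAIN` placeholders are kept as they appear there.

```python
"""Parse .rdp files (key:type:value lines) and flag settings that weaken
RDP session security. Added example; the sample below is constructed
from the settings the post lists, not captured from a real host."""
from __future__ import annotations

# Constructed sample: the .rdp content described in the post.
SAMPLE_RDP = """\
address:s:IPADDRESS:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME@DOMAIN.onmicrosoft.com
domain:s:AzureAD
"""


def parse_rdp(text: str) -> dict[str, int | str]:
    """Return {key: value}; type code 'i' -> int, 's' -> str.
    Values may contain ':' themselves (address:s:host:3389), so split on
    the first two colons only. Malformed lines raise ValueError."""
    settings: dict[str, int | str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s"):
            raise ValueError(f"line {lineno}: malformed RDP setting {raw!r}")
        key, typ, value = parts
        settings[key.lower()] = int(value) if typ == "i" else value
    return settings


def audit_rdp(settings: dict[str, int | str]) -> list[str]:
    """Findings for settings that reduce protection of the RDP session."""
    findings: list[str] = []
    if settings.get("enablecredsspsupport") == 0:
        findings.append("CredSSP disabled: no Network Level Authentication; "
                        "credentials are typed at the remote logon screen")
    level = settings.get("authentication level")
    if level in (0, 2):  # 0 = connect silently, 2 = warn but allow connect
        findings.append(f"authentication level {level}: server identity "
                        "failures are not enforced")
    if settings.get("prompt for credentials") == 0:
        findings.append("prompt for credentials disabled: client connects "
                        "without prompting")
    return findings


if __name__ == "__main__":
    for finding in audit_rdp(parse_rdp(SAMPLE_RDP)):
        print("-", finding)
```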