Azure AD and OnPrem Windows Server 2016
-
Which means another server and more of a pain.
-
@bigbear well another issue, depending on where I store all my data. Do I launch a 3rd server with Vultr BLOB storage and share it to the terminal server, cause that would be another server without internet/updates/backup.
Or do I directly attach a volume with BLOB storage to the terminal server? Which seems odd...
-
@scottalanmiller said in Azure AD and OnPrem Windows Server 2016:
@bigbear said in Azure AD and OnPrem Windows Server 2016:
@scottalanmiller only issue that came to mind was updates.
Yup, of course an issue. The solution there, and this isn't that great, is that you either use WSUS for Windows or a local mirror for Linux.
Yup, so you can maybe see where my hope was to join a 2016 RDS to Azure AD the way Windows 10 clients do (also haven't tested this lol).
The cake is a lie!
-
@bigbear said in Azure AD and OnPrem Windows Server 2016:
@bigbear well another issue, depending on where I store all my data. Do I launch a 3rd server with Vultr BLOB storage and share it to the terminal server, cause that would be another server without internet/updates/backup.
Or do I directly attach a volume with BLOB storage to the terminal server? Which seems odd...
Do you need the BLOB storage and why would it feel odd to have it be direct but not weird to have it on a different server? What's the benefit to having an extra server for storage?
-
@bigbear said in Azure AD and OnPrem Windows Server 2016:
@scottalanmiller said in Azure AD and OnPrem Windows Server 2016:
@bigbear said in Azure AD and OnPrem Windows Server 2016:
@scottalanmiller only issue that came to mind was updates.
Yup, of course an issue. The solution there, and this isn't that great, is that you either use WSUS for Windows or a local mirror for Linux.
Yup, so you can maybe see where my hope was to join a 2016 RDS to Azure AD the way Windows 10 clients do (also haven't tested this lol).
The cake is a lie!
Oh it's a great idea. RDS just isn't ready for that yet.
-
@bigbear said in Azure AD and OnPrem Windows Server 2016:
Yup, so you can maybe see where my hope was to join a 2016 RDS to Azure AD the way Windows 10 clients do (also haven't tested this lol).
Windows 10 works, we use it.
-
@scottalanmiller said in Azure AD and OnPrem Windows Server 2016:
@bigbear said in Azure AD and OnPrem Windows Server 2016:
@bigbear well another issue, depending on where I store all my data. Do I launch a 3rd server with Vultr BLOB storage and share it to the terminal server, cause that would be another server without internet/updates/backup.
Or do I directly attach a volume with BLOB storage to the terminal server? Which seems odd...
Do you need the BLOB storage and why would it feel odd to have it be direct but not weird to have it on a different server? What's the benefit to having an extra server for storage?
I have a few TB of data so I assumed BLOB storage was the way to go. If I had less data I suppose it wouldn't be necessary. Looks like it's only available from VULTR in NY/NJC data centers.
-
@bigbear said in Azure AD and OnPrem Windows Server 2016:
Looks like it's only available from VULTR in NY/NJC data centers.
That's the good datacenter anyway
-
@bigbear said in Azure AD and OnPrem Windows Server 2016:
I have a few TB of data so I assumed BLOB storage was the way to go.
Yes, it would be then. But for RDS, unless you are making more than one RDS server, you'd still want it local (same server.)
-
@scottalanmiller said in Azure AD and OnPrem Windows Server 2016:
@bigbear said in Azure AD and OnPrem Windows Server 2016:
Looks like it's only available from VULTR in NY/NJC data centers.
That's the good datacenter anyway
Oh yeah? I've been deploying voice switches from several of their locations. I do notice occasionally Chicago has a lag.
-
@scottalanmiller I know you mentioned you are a "cloud first" guy. Would you go with VULTR on this type of small setup or just order in a server and run it off Hyper-V local?
-
@scottalanmiller in addition to my question above I am curious, can you deploy an Azure AD (no servers) and Windows 10 and still have the benefit of Group Policies? Reading some mixed info on that right now as well...
-
@bigbear said in Azure AD and OnPrem Windows Server 2016:
@scottalanmiller in addition to my question above I am curious, can you deploy an Azure AD (no servers) and Windows 10 and still have the benefit of Group Policies? Reading some mixed info on that right now as well...
What I have read recently, if you use the paid version of Azure AD, yes you can get some GPO options.
-
If your vultr RPS server doesn't have internet access, how will you connect to it?
Will you have a VPN into the private Vultr network that grants you access?
-
@Dashrender said in Azure AD and OnPrem Windows Server 2016:
If your vultr RPS server doesn't have internet access, how will you connect to it?
Will you have a VPN into the private Vultr network that grants you access?
Supposedly be remote desktoping into the app server, then internally to the AD server. Or via console access. As I think about this more, there is pfSense in the ISO library. If not for a router/gateway from private networks to public, I don't know what else that would be there for. So it would seem to be possible.
-
@Dashrender said in Azure AD and OnPrem Windows Server 2016:
If your vultr RPS server doesn't have internet access, how will you connect to it?
It's the AD server that would be without Internet.
-
@scottalanmiller right but if I use ISO library to launch a pfsense instance, trying to figure out how they would stop me from setting that as my gateway on the AD server.
-
@bigbear said in Azure AD and OnPrem Windows Server 2016:
@scottalanmiller right but if I use ISO library to launch a pfsense instance, trying to figure out how they would stop me from setting that as my gateway on the AD server.
They wouldn't stop you, it's just normal virtualization, nothing weird.
-
@scottalanmiller I'm half way there, the AAD may work for RDS without the need for an AD server.
I'm waiting for my AAD DNS IP addresses to generate!
-
UPDATE:
The lack of guides for this is really stunning. If you aren't syncing with any OnPrem AD you have to have 365/Azure AAD users reset their password.
Officially joined Server 2016 instance to AAD and rebooting now. I would hope RDSH will be easy to deploy next.
The cost of running the same spec VM on Azure is about $35 more than Azure. However the cost of VULTR goes up $56 for the minimum 2016 server to add a domain controller. Plus on Azure I wont have to manage Active Directory.
Maybe $150 in total cost to run a 14GB instance for RDSH isn't too shabby.