New
#10
Join Windows 10 PC to a Domain
-
-
New #11
Interesting. I do see it on 16299.214 Ent, but not the latest Ent Insider. Hmmm, I wonder if there's some variable that would cause it not to show up?
-
-
-
New #14
That's crazily fast in both cases! I wonder if it has to do with being joined to Azure AD, which I technically am because of Office 365 (corporate)? Maybe if you are, you can then only further join things requiring a Microsoft Account (the only thing the form allows)? So, AD and Azure AD would be mutually exclusive, even though they're entirely separate things?
-
-
New #16
I just checked an RS3 PC already domain-joined (the RS3 I was checking earlier was not yet joined to anything), and there are no blue links for it either, strongly suggesting that MS lets you only do one or the other.
What I should try is doing an Azure AD join (any method) and then doing a domain join via the old UI. That may be a loophole.
-
New #17
That would explain it.
Active Directory is the way, the tool local domains use for user control and management. There are three different methods a user / device can join AD: joining local domain and signing in with domain credentials, joining through Azure AD and signing in with Azure AD credentials, and the "lowest level" so called workplace join, connect a local or Microsoft sign-in account to an Azure AD (workplace) account.
Joining a local domain and Azure AD basically is the same. Of course there are administrative differences from IT departement's point of view, but for the most the only difference end user sees is the sign-in credentials.
Once you have joined a local domain, you cannot join Azure AD, and vice versa. It's one or the other.
Joining Azure AD instead of joining a domain is in my opinion the future, Microsoft's clear goal being to get corporate users to move from local domains and on-premises domain controllers to Azure AD. I posted an opinion piece about that just a few days ago on my site: Secure Windows on a Secure Device Win10.Guru
Azure AD gives you two levels to join: Workplace join simply adds your Azure AD account to Windows 10 for single-sign-on to all your workplace services, but you will continue signing in to Windows with your current local or Microsoft account:
This will be shown as a connected account:
As you will continue signing in with your local or Microsoft account, you are still pretty much in control. You can use workplace services, company store and such but IT admin cannot set up any restrictions on your device. A workplace joined user / device can still join a local domain.
If you select Join Azure AD instead, your sign-in account will be changed to Azure AD account. This is shown as Azure AD joined:
Once joined to Azure AD, joining a local domain is no longer possible.
I'm not sure if the above explains this clear enough. The point is, a local domain and Azure AD effectively chooses the way you are joined to your workplace. Only one of these methods to join can be used.
Kari
-
New #18
That is helpful, thanks. It explains why the blue links are missing when you're joined to AD or Azure AD.
Aside from AD, I've only ever seen "Connected to...Azure AD" (from Office 365). I barely even recall hearing of Workplace before.
However, despite being joined to Azure AD (via Office 365 corp), according to the panel in my main installation (Insider), I still do sign in with my local account only, like you describe for Workplace.
What cleared up this latter aspect just now for me is when I brought up a fresh Insider build in a VM and connected to Office 365 (corp) there. It simply asked for account name and PW, no choices involved (you talked about a selection, but I see nothing like that). The end result was my account name being listed, and above it "Work or school account." Whereas on my main PC, which also has Insider but was joined to Office 365 a couple years ago, it's called "Connected to...Azure AD" (it's possible that there was a selection involved back then, and I made a different choice).
So, MS seems to have changed the phrasing for what you get when you connect to Office 365, despite the fact that Office 365 does run on Azure AD. Clearly what you describe above is current, so the behavior I mentioned about using my local account to sign in despite being joined is consistent with what you said given current naming conventions.
-
New #19
Why do you recommend disabling IPv6?
Thanks for the thorough tutorial. One thing bothers me though: Why do you recommend disabling IPv6?
I have found a few other references that recommend this, but many other references (including Microsoft) strongly recommend against doing so, e.g.:
Are you disabling IPv6? Maybe you should stop
Arguments against disabling IPv6
Guidance for configuring IPv6 in Windows for advanced users
Can you edify me as to the rationale for disabling IPv6 when joining a PC to a domain?
Do you recommend leaving it disabled, or should one reenable it after joining a PC to a domain?
Quote
Related Discussions
