Let's talk Azure AD join and what that means to a Windows device. What's it mean to be joined to something?

Twitter warning: Like all good things this is mostly correct, with a few details fuzzier than others for reasons: a) details are hard on Twitter, b) details are fudged for greater clarity, c) maybe I'm just dumb.

Back in the early days of the universe PCs were workgroup machines, meaning everything stayed local to them, or they were domain joined, meaning they belonged to a domain. Domain join is where a Domain Controller dictates things such as authentication, authorization, policy, and what not. This allows for centralized management of two or more machines. I've gone into great detail about how authentication works on domain join.

A useful model to think about is the idea of an authority. There is exactly one authority in Windows, and that authority more or less has final say over everything on that machine. A local workgroup machine is itself its own authority, meaning the local machine stores the passwords and does the auth. Domain join has the Domain Controller as the authority, meaning it needs a DC to bless the logon.

If we jump ahead a decade or two we come across The Cloud, and it forever changed how everything everywhere did things. Domain joined machines didn't exactly fit well into this new world because of technical limitations of how authentication and management worked. They always need line of sight to a domain controller to get anything interesting done. For better or for worse. With the cloud you don't need line of sight to your internal servers anymore because everything is out on the internet.

Well, it turns out Azure AD join works almost identically to domain join. When you type in your password it gets verified by AAD, not AD. That means we changed the authority from your on-prem domain controller to Azure AD.
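The authority model above has a practical check: which authority a given device actually answers to. The following PowerShell is an added example, not code from the original post. It parses the `Device State` section that the real Windows tool `dsregcmd.exe /status` prints and maps the `AzureAdJoined` / `DomainJoined` flags onto the workgroup / domain / Azure AD buckets described above (plus the hybrid case where both flags are YES, which the post does not cover). `Get-JoinAuthority` is a name chosen here, and the embedded sample output is constructed and abridged so the script runs offline; on a real device you feed it the live command output instead.

```powershell
# Added example (not from the original post): classify a Windows device's
# logon authority from the text that `dsregcmd /status` prints.
function Get-JoinAuthority {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints "Key : Value" lines; keep only the device-state keys we need.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|EnterpriseJoined|DomainJoined|DomainName|TenantName)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aad = $state['AzureAdJoined'] -eq 'YES'
    $ad  = $state['DomainJoined']  -eq 'YES'

    # Exactly one authority per machine: local SAM, a domain controller, or Azure AD.
    $authority = if ($aad -and $ad) { 'Hybrid (DomainJoined and AzureAdJoined are both YES)' }
                 elseif ($aad)      { "Azure AD (logon verified by AAD; tenant '$($state['TenantName'])')" }
                 elseif ($ad)       { "Active Directory domain '$($state['DomainName'])' (needs a DC to bless the logon)" }
                 else               { 'Local machine (workgroup; the local SAM holds the passwords)' }

    [pscustomobject]@{
        AzureAdJoined = $aad
        DomainJoined  = $ad
        Authority     = $authority
    }
}

# Constructed, abridged sample of `dsregcmd /status` output for an Azure AD joined device.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                TenantName : Contoso
'@ -split '\r?\n'

Get-JoinAuthority -StatusLines $sample | Format-List

# On a real device, run the tool and parse its live output instead:
# Get-JoinAuthority -StatusLines (dsregcmd /status)
```

Run it in an elevated or normal PowerShell session on Windows; `dsregcmd.exe` ships with the OS, so the live call needs no extra modules. A workgroup machine shows both flags as NO and falls into the local-authority bucket, which is exactly the "machine is its own authority" case the post starts from.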