使用AAD加入设备/登录访问本地域资源(文件/打印)? [英] Accessing local domain resources (file / print) with AAD joined device / login?
问题描述
我正在试图弄清楚我想要做的事情是否应该起作用,我做错了什么或者它是否应该起作用。在我的环境中,我有一个通过AD Connect连接到AAD / Office 365的本地AD,同步工作
罚款。我正在对Win 10 RS2 / CU进行一些测试以及更新的Intune MDM。如果在OOBE I AAD期间加入设备,AAD资源(如自动登录和商店访问)的一切正常。但是我无法访问我的本地域加入
服务器来处理文件/打印等内容。如果我在Win 10设备上查看计算机管理,我看到本地管理员组将AAD用户列为domain \ username,就像它加入了本地域一样。但是,如果我尝试访问服务器,则会因
权限错误而失败。如果我使用其他用户选项和相同的密码手动键入domain\username,我可以访问资源。然而,这不是一个好的用户体验。
I am trying to figure out if what I am trying to do is supposed to work and I am doing something wrong or if it isn't supposed to work. In my environment I have a local AD that is connected to AAD / Office 365 via AD Connect and the synchronization works fine. I am doing some testing of Win 10 RS2 / CU in combination with newer Intune MDM stuff. If during OOBE I AAD Join the device everything works fine for AAD resources like auto login and business store access. However I can't access my local domain joined servers for things like file / print. If I look at computer management on the Win 10 device I see the local admin group has the AAD user listed as domain\username like it would if it was local domain joined. However if I try to access server it fails with permission error. If I manually type in domain\username using other user option and same password I am able to access resources. This however is not a good user experience.
这应该有用吗?我似乎无法弄明白。感谢您提供任何帮助或指示文档。
Is this supposed to work? I can't seem to figure it out. Thanks for any help or pointers to documentation.
Brian Hoyt
Brian Hoyt
推荐答案
详细了解AAD代理
here :
- 单点登录公司资源:用户享受从Windows桌面到云中的应用和资源的单点登录,例如Office 365和数千个业务应用程序
通过&absp; Azure AD
Connect 。加入Azure AD的公司拥有的设备在设备位于公司网络时,以及通过 Azure
AD应用程序代理。
- Single sign-on to company resources: Users enjoy single sign-on from the Windows desktop to apps and resources in the cloud, such as Office 365 and thousands of business applications that rely on Azure AD for authentication through Azure AD Connect. Corporate-owned devices that are joined to Azure AD also enjoy SSO to on-premises resources when the device is on a corporate network, and from anywhere when these resources are exposed via the Azure AD Application Proxy.
这篇关于使用AAD加入设备/登录访问本地域资源(文件/打印)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
