Sunday, December 8, 2024
Azure Virtual Desktop

Domain join account for Azure Virtual Desktop (AVD)

Hello there! Quick post today on how to create a domain join service account to add Azure Virtual Desktop (AVD) session hosts to the domain.

Prerequisites

  • Create a service account, e.g. AVDDomainJoin@domain.net
  • Permissions within Active Directory to delegate control to various OU’s
  • Organisational structure for AVD

Organisational Unit Structure for AVD

Before we start, ensure that your organisational units are setup in a clean manner, as delegating control will apply to the OU that we select and all of it’s sub OU’s, I tend to create the AVD OU structure like so:

Note: There is no right or wrong way of setting up your OU structures for AVD, it’s what works for you. The key takeaway is that the delegated control that will be implemented in the next section will apply to all sub OU’s, be mindful of this.

Delegating Control

On the OU in question, right-click and select Delegate Control:

Add the service account within Selected users and groups:

Select Create a custom task to delegate:

Select Only the following objects in the folder, then Computer Objects and then select Create selected objects in this folder:

Select Create All Child Objects:

Complete the wizard and that’s it! AVD domain join is configured, use this account to join AVD session hosts to the domain. Until next time!

4 thoughts on “Domain join account for Azure Virtual Desktop (AVD)

  • Thanks for this post 🙂
    What permissions are neccesary to run the AzHybrid Module to join the storage account for fslogix via the microsoft script?

    • Hi there,

      From an AD side, permissions required are to create computer accounts (so this blog post should help with that) or if using service logon option then permissions to create a service logon account. From Azure side, you’d need at least contributor rights within the storage account to setup the integration with AD and storage accounts. However, you may need additional permissions to actually setup the share permissions after integration, such as owner.

      Thanks,
      Alex.

  • Pingback:

  • Pingback:

Comments are closed.