July 4, 2019
In my last post, How to create a network share in an AAD only environment, I mentioned how I have been doing some side projects for a friend’s small business and using Microsoft 365 Business to manage the Windows 10 environment. There was a need for some of the (non admin) remote users to be able to remote into a Windows 10 system at the main office so they could run a client-server application that does not run well across the WAN. In a domain environment, this is simple – open up Computer Management, find the Remote Desktop Users Group and add the necessary domain users to the group. Not so fast in an AAD only environment as we run into the same issue we did in the previous post.
Well, lucky for you, PowerShell is your friend (BTW – PowerShell is always your friend). Open up an elevated PowerShell and run the following command:
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "AzureAD\email@example.com"
Now using the following PowerShell command, check the group membership:
Get-LocalGroupMember -Group "Remote Desktop Users"
Here we see that my AAD account was added successfully. Going into Computer Management, we see that it shows up in the UI as well:
Note that the same can be done by running the following command from an elevated Command Prompt:
net localgroup "Remote Desktop Users" "AzureAD\firstname.lastname@example.org" /add
Now the (non admin) AAD users added to the group will be able to connect to that system using RDP.
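As an added example (not from the original post), the same change as a small idempotent script: it adds a list of Azure AD users (the UPNs below are placeholders, assumed for this example) to the group, skips any that are already members, and then lists the final membership with its source so AAD and local accounts can be told apart when reviewing who has remote logon rights.

```powershell
# Added example, not from the original post: idempotently add Azure AD users to the
# local "Remote Desktop Users" group and report the resulting membership.
# Run from an elevated PowerShell session on the target Windows 10 system.
#Requires -RunAsAdministrator

$GroupName = 'Remote Desktop Users'

# Placeholder accounts (assumed for this example); replace with the real UPNs.
$Users = @(
    'AzureAD\alice@example.com',
    'AzureAD\bob@example.com'
)

# Current membership as a list of names, e.g. "AzureAD\alice@example.com"
$existing = Get-LocalGroupMember -Group $GroupName -ErrorAction Stop |
    ForEach-Object { $_.Name }

foreach ($user in $Users) {
    # -contains compares strings case-insensitively, so AzureAD\Alice@... still matches
    if ($existing -contains $user) {
        Write-Host "Already a member: $user"
        continue
    }
    try {
        Add-LocalGroupMember -Group $GroupName -Member $user -ErrorAction Stop
        Write-Host "Added: $user"
    } catch {
        # Typical cause: the principal could not be resolved (mistyped UPN, or the
        # account is not known to this device yet). Report it and keep going.
        Write-Warning "Failed to add ${user}: $($_.Exception.Message)"
    }
}

# Final membership. PrincipalSource shows AzureAD vs Local so an audit of who can
# RDP into this machine is quick to read.
Get-LocalGroupMember -Group $GroupName |
    Select-Object Name, PrincipalSource, ObjectClass |
    Format-Table -AutoSize
```

Membership of this group grants remote interactive logon to the machine, so the final listing is worth keeping as a record of who was given access and why.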
Originally posted on https://miketerrill.net/