How to add AAD users to the Remote Desktop Users Group

July 4, 2019

In my last post, How to create a network share in an AAD only environment, I mentioned how I have been doing some side projects for a friend’s small business and using Microsoft 365 Business to manage the Windows 10 environment. There was a need for some of the (non admin) remote users to be able to remote into a Windows 10 system at the main office so they could run a client-server application that does not run well across the WAN. In a domain environment, this is simple – open up Computer Management, find the Remote Desktop Users Group and add the necessary domain users to the group. Not so fast in an AAD only environment as we run into the same issue we did in the previous post.

Well, lucky for you, PowerShell is your friend (BTW – PowerShell is always your friend). Open up an elevated PowerShell and run the following command:
Add-LocalGroupMember -Group “Remote Desktop Users” -Member “AzureAD\”

Now using the following PowerShell command, check the group membership:
Get-LocalGroupMember -Group “Remote Desktop Users”

Here we see that my AAD account was added successfully. Going into Computer Management, we see that it shows up in the UI as well:

Note that the same can be done by running the follow command from an elevated Command Prompt:
Net localgroup “Remote Desktop Users” /add “AzureAD\”

Now (non admin) AAD users will be able to connect to other systems using RDP.

Originally posted onĀ

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.