AzureAD / microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
https://aka.ms/msal-net
MIT License

IWA: AAD sourced users with ADDS #1861

Closed lnhzd closed 4 years ago

lnhzd commented 4 years ago

A quick question: Is it correct to think IWA in MSAL is NOT going to work with the following scenario: users created in AAD, replicated to ADDS, app running on a VM (domain joined with ADDS)? i.e. IWA is only going to work with one-direction sync WAD => AAD, but not the other direction? Thanks a lot.

jmprieur commented 4 years ago

@trwalke @bgavrilMS

bgavrilMS commented 4 years ago

I do not know, best thing would be to give it a try. As long as the user appears as "managed", it should work I would think.

@trwalke, @jmprieur - do you know who to ask?

trwalke commented 4 years ago

I am not familiar with ADDS, but I am assuming you are referring to ADFS?

I am not sure how to answer this. It would be best to try it out as Bogdan suggested.

lnhzd commented 4 years ago

Thanks guys, ADDS = Azure Active Directory Domain Services; apologies if I used the wrong abbreviation.

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Integrated-Windows-Authentication In the doc you did mention that IWA only works with WAD => AAD user sync. With Azure Domain Services it's the other way around: AAD synced back to WAD (Azure Domain Services). If this is not supported now, would this be something on your (probably not yours but the AAD side's) road map to get working in the near future? They are managed users, yes, but they are not orphaned users known only to one AD; they are known to both AAD and WAD (Azure Domain Services).

Thanks a lot for your time.

btw @bgavrilMS, I take it this is a typo and you actually mean as long as the user appears as "federated"?

Thanks.

bgavrilMS commented 4 years ago

Yes, typo :)
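The thread's conclusion is that MSAL.NET IWA only succeeds for accounts the tenant reports as federated, so an app on a VM cannot assume it will work for a cloud-sourced (managed) user. The following is an added example, not code from the issue or from the MSAL.NET project, showing how to attempt IWA and fall back to the device code flow when MSAL reports that the account is managed; the client id, tenant id, scopes and UPN are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example (not from the issue thread or the MSAL.NET project).
// Placeholders assumed: client id, tenant id, scopes and the user's UPN.
public static class IwaWithManagedUserFallback
{
    private const string ClientId = "<your-client-id>";
    private const string TenantId = "<your-tenant-id>";
    private static readonly string[] Scopes = { "User.Read" };

    public static async Task<AuthenticationResult> AcquireAsync(string upn)
    {
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithDefaultRedirectUri()
            .Build();

        try
        {
            // IWA only succeeds when user realm discovery reports the account as
            // federated (on-premises AD synced to AAD); the username must be the UPN.
            return await app.AcquireTokenByIntegratedWindowsAuth(Scopes)
                .WithUsername(upn)
                .ExecuteAsync();
        }
        catch (MsalClientException ex)
            when (ex.ErrorCode == MsalError.IntegratedWindowsAuthNotSupportedForManagedUser)
        {
            // The account is reported as managed (cloud-sourced), so IWA is not
            // available for it. Log the reason and fall back to an explicit sign-in
            // that works on a headless VM instead of retrying IWA.
            Console.Error.WriteLine($"IWA not supported for managed user {upn}: {ex.Message}");
            return await app.AcquireTokenWithDeviceCode(Scopes, deviceCode =>
            {
                Console.WriteLine(deviceCode.Message); // instructs the user where to sign in
                return Task.CompletedTask;
            }).ExecuteAsync();
        }
    }
}
```

Seeing the managed-user error in your logs is the quickest way to confirm, without guessing at sync direction, that a given account is not eligible for IWA.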