Since Microsoft released a preview version of Azure AD Domain Services, there have been a number of posts asking how to actually manage it and how to access things like GPO and ADUC. Since it’s a very new service there aren’t any how-tos (or I haven’t been able to find them), so here is a quick one:
You first need to deploy the AADDS, but please keep in mind that as of writing this post it’s only available in the US. I am not going to repeat this part as there is a nice post on TechNet:
*Please note that if you are creating a test environment you are probably not going to configure password replication, so your username will not work. The easiest way to fix this is to create a “New user in your organization” and add them to the “aad dc administrators” group.
Once you have an AADDC (Azure Active Directory Domain Controller), you will need a virtual machine in the same network, or in a network that has a VNet-to-VNet VPN with it. Once the VM is up, you need to join it to the domain with an account from the “aad dc administrators” group. Once joined, you should have administrator access with the same account you used to join it to the domain. If not, please log in with the local account and run “gpupdate /force”. This is because in the AADDS you are not part of Domain Admins, so there is a default GPO which adds “aad dc administrators” as administrators on all domain-joined computers.
To use the two features mentioned below you need to log in with a member of the “aad dc administrators” group.
To administer GPOs you need to add the Group Policy Management Feature to the machine above:
Once installed, you can open the tool and you will see the below default GPOs. Please note that currently you can only edit the two GPOs highlighted in yellow; you also can’t add any filtering to the GPOs or create additional ones. You will also not be able to add additional ADMX templates (the 2012 R2 defaults are available).
Please note that you have very limited rights in the ADUC. Currently you can only modify certain things in the “AADDC Computers” OU, like adding, disabling, resetting and deleting computer objects.
To administer ADUC you need to add the ADUC Feature to the machine above:
As mentioned above, you are currently very limited in what you can actually do, but as a side note, any groups or users you add to the Directory from the Azure management portal will appear in the “AADDC Users” OU.
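The management-VM steps above (domain join check, the default GPO that grants local admin, and the two feature installs) can be scripted as follows. This is an added example, not part of the original post; it assumes a Windows Server VM and uses the standard Windows Server feature names `GPMC` and `RSAT-ADDS-Tools`, which do not appear on this page.

```powershell
# Added example: run in an elevated PowerShell session on the management VM
# (use the local admin account if the domain account is not yet an admin).
# Assumption: the group name is spelled as on this page.
$ErrorActionPreference = 'Stop'
$adminGroup = 'AAD DC Administrators'

# 1. The VM must already be joined to the managed domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "This machine is not domain-joined (currently in '$($cs.Domain)')."
}

# 2. Local admin rights come from the default GPO, not from Domain Admins.
#    Check the local Administrators group and refresh policy if needed.
function Test-AaddcLocalAdmin {
    # net.exe is used because Get-LocalGroupMember is absent on Server 2012 R2.
    $members = & net.exe localgroup Administrators
    return [bool]($members | Where-Object { $_ -match [regex]::Escape($adminGroup) })
}

if (-not (Test-AaddcLocalAdmin)) {
    & gpupdate.exe /force | Out-Null
    if (-not (Test-AaddcLocalAdmin)) {
        throw "'$adminGroup' is still missing from local Administrators after gpupdate."
    }
}

# 3. Install Group Policy Management and the AD DS snap-ins (which include ADUC).
$features = 'GPMC', 'RSAT-ADDS-Tools'
$result = Install-WindowsFeature -Name $features
if (-not $result.Success) {
    throw "Feature installation failed with exit code $($result.ExitCode)."
}

# 4. Report the resulting state so the change is visible in the session log.
Get-WindowsFeature -Name $features | Format-Table Name, InstallState -AutoSize
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is needed before the consoles are usable.'
}
```

After it completes, sign in with a member of the “aad dc administrators” group to open the Group Policy Management and ADUC consoles.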