1
00:00:00,940 --> 00:00:04,600
Here I am on my AADDS member server.

2
00:00:04,600 --> 00:00:05,480
Let me show you here.

3
00:00:05,480 --> 00:00:08,280
I've got Server Manager up, and the text may be small,

4
00:00:08,280 --> 00:00:15,420
but the computer name is aadvm and the domain is aaddstimw.info.

5
00:00:15,420 --> 00:00:19,720
This was our managed domain experience, and I've signed in with my Melissa user.

6
00:00:19,720 --> 00:00:22,610
Hopefully all of what I just said makes sense, given that you're

7
00:00:22,610 --> 00:00:25,590
coming from the previous lesson in which I showed you how to deploy

8
00:00:25,590 --> 00:00:28,440
and configure Azure AD Domain Services.

9
00:00:28,440 --> 00:00:30,290
Now, in terms of password stuff,

10
00:00:30,290 --> 00:00:33,750
I just want to demonstrate here an Active Directory Administrative Center.

11
00:00:33,750 --> 00:00:37,560
Notice that you can get access to your Password Settings Container and

12
00:00:37,560 --> 00:00:41,350
configure fine‑grained password policies in your managed domain, so

13
00:00:41,350 --> 00:00:44,820
that is supported and possible in AADDS.

14
00:00:44,820 --> 00:00:45,430
And lastly,

15
00:00:45,430 --> 00:00:51,130
let me open up a Run prompt and do a gpmc.msc. Now, I did install the

16
00:00:51,130 --> 00:00:54,220
Active Directory management tools on this Windows Server,

17
00:00:54,220 --> 00:00:57,800
but not the Group Policy console, so let's quickly handle that by

18
00:00:57,800 --> 00:01:00,640
going through the Add Roles and Features Wizard. I'm just going to

19
00:01:00,640 --> 00:01:04,460
buzz into the Features list, and we'll select Group Policy

20
00:01:04,460 --> 00:01:06,440
Management, and we'll install that.

21
00:01:06,440 --> 00:01:06,770
Alright,

22
00:01:06,770 --> 00:01:10,650
that succeeded, so let's come over to the good old Run prompt and do a

23
00:01:10,650 --> 00:01:17,220
gpmc.msc. You have to spell it correctly, gpmc.msc. There we are.

24
00:01:17,220 --> 00:01:22,210
Now notice we can't attach a Group Policy Object at the site level because this

25
00:01:22,210 --> 00:01:27,080
is a managed domain after all, although interestingly, we can inspect our Active

26
00:01:27,080 --> 00:01:31,600
Directory Sites and Services console and you can see the two virtual machines

27
00:01:31,600 --> 00:01:33,840
that are your managed domain controllers.

28
00:01:33,840 --> 00:01:36,920
I wouldn't suggest horsing around with replication settings,

29
00:01:36,920 --> 00:01:40,340
though. Notice we have our Azure Active Directory Domain Services

30
00:01:40,340 --> 00:01:45,110
Computers and Users and various AADDS‑specific containers,

31
00:01:45,110 --> 00:01:48,310
but the basic workflow of working with these Group Policy

32
00:01:48,310 --> 00:01:55,000
Objects is very similar indeed to how we do so in an on‑premises local AD DS environment.