Our situation is as follows:
           Company A                        Company B
+-----------------------------+  +----------------------------+
|                             |  |                            |
|  +---------------------+    |  |  +--------------------+    |
|  | On Prem AD: main    |    |  |  | Azure AD DS: ext   |    |
|  +----------|----------+    |  |  +--------------------+    |
|             |               |  |                            |
|             |               |  |  +--------+  +--------+    |
|             |Azure Sync     |  |  | RDS SH |  | RDS GW |    |
|             |               |  |  +--------+  +--------+    |
|             |               |  |                            |
|  +----------|-----------+   |  |  +--------+                |
|  | Azure AD: main-sync  |   |  |  | RDS CB |                |
|  +----------------------+   |  |  +--------+                |
|                             |  |                            |
+-----------------------------+  +----------------------------+
We are looking for a way to allow users of Company A to log in to the RDS environment in Company B.
The RDS servers are joined in the Azure AD DS.
Our first thought was to utilize Azure's B2B function (guest account). Inviting a user from the main-sync domain in the ext domain works, but logging in to the RDS environment that is running on servers joined into the ext domain is not working.
As Company A already utilizes the Azure Sync between their primary domain and their own Azure AD, we cannot use that to sync main -> ext.
Is there something we can do to allow the B2B accounts to log in to the RDS environment?
Alternatively, if our plan of allowing B2B accounts to login will never work - what would be the least intrusive solution for Company A to allow users in Company B's RDS to log in?