Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

AAD Group Policies for Win10 joined machines

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts

Hello Guys,

When installing a new Win10 machine, its possible to join an AAD domain, and that works great.

But, is it possible to apply Group policies to these Win10 joined computers, without having an on-premise AD ?




  • 0




    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP

to apply active directory controlled group policy, you have to have active directory, which means you have to have a domain. which means you have to have a domain controller


whether or not that domain (domain controller) is on premise depends on a lot of things.


you can do "off-prem" domain controllers for things like remote sites where there is a WAN connection to the main office where the domain controller resides.

some companies are doing hosted active directory (where AD lives in the cloud).


obviously these bring up their own issues (connectivity requirements, bandwidth requirements, etc...)


typically for remote sites companies will deploy a read only domain controller that just synchronizes the active directory database from the main domain controller(s) in another facility, that way the computers at the remote location have a physically local domain to authenticate to, but no one at that location can manage the domain

  • 0




  • Member
  • PipPip
  • 31 posts
  1. No, Azure AD does not have GPO services.
  2. Its not offering all the services as OnPremise AD.
  3. If you want to have GPO services then better put a OnPremise AD is the only option.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP