[Epic] - Use an existing AD #475

Closed
4 tasks done
xpillons opened this issue Aug 25, 2021 · 5 comments · Fixed by #1454

Comments

@xpillons
Collaborator

xpillons commented Aug 25, 2021

Instead of deploying a Sandbox ADDS dedicated to an azhop environment, provide the capability to connect to an existing Domain Controller.

@lhg2

lhg2 commented Oct 12, 2022

Hi there - what is the ETA on integrating AzureHPC into existing AD/AAD? We have requirements to do this to meet strict security policies and have a tool by BeyondTrust (PowerBroker/ADBridge) to handle that integration. Can we 1) deploy that, and 2) disable the AD installation in the build script?

@xpillons
Collaborator Author

@lhg2 we don't have an ETA yet and this work hasn't started. We are driven by customer requirements and demand, so if you have one we will be glad to work with you on this.
Since AAD is not supported by all building blocks, we can't simply replace our DC with AAD; however, AAD can be used for MFA after configuring OpenID Connect for the OnDemand portal. The need for a DC will remain to store users for the environment, and a mapping will be done using the email field provided by OIDC.

@lhg2

lhg2 commented Oct 13, 2022

Thank you. At the very least, we would need to use an AD integration tool (PowerBroker/ADBridge) to perform a domainjoin to our on-prem AD environment. We would need to bypass the current AD build requirement (don't need SSSD, etc.) and use our tooling for proper Enterprise integration and centralized user management. Is this achievable?

@xpillons
Collaborator Author

Probably yes, but never tested. You would have to replace all the domain join stuff in the scripts with yours. Also, we do have specific groups used to grant users privileges, for sudo access for example. Can we connect offline? Please send me an email to xpillons@microsoft.com

@lhg2

lhg2 commented Oct 13, 2022

@xpillons - Yep! Thanks much.

@xpillons xpillons added the Epic label Mar 31, 2023
@xpillons xpillons changed the title Use an existing AD [Epic] - Use an existing AD Mar 31, 2023
@xpillons xpillons pinned this issue Mar 31, 2023
@xpillons xpillons added this to the Version 1.0.35 milestone Apr 5, 2023
@xpillons xpillons unpinned this issue May 4, 2023