We are trying to see if our machines can join the AD domain automatically during onboarding for users who all work from home.
We actually found an article regarding offline domain join in Workspace ONE with VMware Tunnel. Below is the article I have referred to:
We set it up exactly the way it was explained.
But I am still unclear on the ports which should be open for UAG to AD server connectivity.
Because the UAG is in the DMZ, and when the endpoint tries to connect to AD for the first time, something has to talk to AD, right?
Or should we open ports to the ACC and let that talk to AD (I am not sure about this configuration)?
We have looked at many websites for this configuration, but we couldn't find the port requirements for UAG to AD server or how it connects to AD.
Do let me know if anyone knows about it. Thanks in advance.
UEM -> UAG (443) | UAG -> AD (443)
Devices -> UAG (443)
Yes, your device must talk to AD; this is why the UAG tunnel is implemented.
ACC is not part of this workflow; you must open ports between UAG and the domain controller.
443 is not enough; you can find all the ports for each service here:
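The answer above says the UAG-to-domain-controller path needs more than 443 but the linked port list is not reproduced in this thread. The following is an added example, not from the thread or from VMware, that a UAG or network admin can run from the UAG host to verify which of the standard Active Directory TCP ports a domain join relies on are actually reachable through the DMZ firewall. The port list is the well-known AD set, not the thread's own list; the hostname `dc01.example.internal` is a placeholder.

```python
"""Added example: verify TCP reachability from the UAG host to a domain
controller on the standard Active Directory ports a domain join needs."""
import socket
from concurrent.futures import ThreadPoolExecutor

# Well-known TCP ports used by AD domain join and authentication.
# These are standard AD values, not taken from the thread above; confirm
# against the vendor's port list for the Tunnel/offline-join workflow.
AD_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    389: "LDAP",
    445: "SMB",
    464: "Kerberos password change",
    636: "LDAPS",
    3268: "Global Catalog",
    3269: "Global Catalog SSL",
}


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within timeout.

    DNS failures, refused connections and timeouts are all reported as
    unreachable, which is what a firewall change request cares about.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc_ports(host, ports=AD_TCP_PORTS, timeout=2.0):
    """Probe every port concurrently; return a {port: reachable} mapping."""
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        results = list(pool.map(lambda p: tcp_port_open(host, p, timeout), ports))
    return dict(zip(ports, results))


def blocked_ports(results, ports=AD_TCP_PORTS):
    """List the 'port/tcp (service)' entries that failed, in port order."""
    return [f"{p}/tcp ({ports[p]})" for p, ok in sorted(results.items()) if not ok]


if __name__ == "__main__":
    import sys

    # Placeholder domain controller name; pass the real DC as the first argument.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    res = check_dc_ports(dc)
    for port, ok in sorted(res.items()):
        state = "open" if ok else "BLOCKED"
        print(f"{port:>5}/tcp {AD_TCP_PORTS[port]:<28} {state}")
    missing = blocked_ports(res)
    if missing:
        print("blocked: " + ", ".join(missing))
    else:
        print("all required TCP ports reachable")
```

Run it on the UAG appliance itself (`python3 check_dc_ports.py dc01.example.internal`), because that is the host the firewall rule applies to; running it from a management workstation proves nothing about the DMZ path. The script only exercises TCP, so the UDP variants of DNS, Kerberos, LDAP and NTP (53, 88, 389, 123) and the dynamic RPC range still have to be confirmed from the firewall policy or a packet capture.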