On installing Windows 10 Enterprise, I bound the host to the AAD tenant netmagic.onmicrosoft.com. This created a user account of the form AzureAD/SwapnaKodali, which can log on to, for example, a SQL Server (on the same host) using Windows identity. The Windows token is created as one logs on to the host (and presumably consults the AAD tenant, somehow).
Now I want to use a federated account (in the same tenant), say rapstaff@rapmlsqa.com. The domain is ADFS-connected, and is one of three ADFS servers in different namespaces tied to the same tenant (the others include metrolistmlsqas.com, for example).
Will the Windows 10 box communicate with the ADFS server on logon, or will it ping the AAD tenant (to check the password, etc.)?
Does an ADFS sync with AAD need to exist (and be sharing passwords, perhaps)? Today, we don't do an ADFS->AAD sync. We use PowerShell to create users in AAD, which works fine for federated user web logon to services such as Azure, Office 365, etc.
Looking for the general model of what is going on with federated accounts on Windows logon (on a v10+ machine bound to AAD).
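As an added note, not part of the question above: before reasoning about which authority handles a logon, it helps to confirm how the device is actually joined and whether the target domain is federated in the tenant. The PowerShell below is an editorial example, not code from the poster. It assumes the built-in `dsregcmd` tool on Windows 10 and that the tenant is managed with the MSOnline module (`Get-MsolDomain`), which is an assumption about the poster's tooling.

```powershell
# Editorial example, not from the original post.
# 1. Device join state: AzureAdJoined / DomainJoined / TenantName come straight
#    from dsregcmd's status output on Windows 10.
$fields = 'AzureAdJoined', 'DomainJoined', 'TenantName', 'TenantId', 'DeviceId'
dsregcmd /status |
    Select-String -Pattern ($fields -join '|') |
    ForEach-Object { $_.Line.Trim() }

# 2. Which identity the current session actually carries (UPN form).
whoami /upn

# 3. Per-domain authentication type in the tenant (assumes the MSOnline module
#    is installed and Connect-MsolService has already been run).
#    'Federated' domains hand authentication to their ADFS; 'Managed' ones are
#    verified by AAD itself.
Get-MsolDomain | Select-Object Name, Status, Authentication
```

Seeing `AzureAdJoined : YES` together with `Authentication : Federated` for rapmlsqa.com is the combination to look at when asking which server the logon ends up talking to.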