Latest Discussions
Login to Windows virtual machine in Azure using Azure AD authentication (and the pitfalls)!
Dear Microsoft Azure Friends,

This article is about the login to Windows virtual machine in Azure using Azure Active Directory authentication and what needs to be considered in the process. This article describes the procedure. So far, everything is actually in perfect order.

https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

So I have worked through the steps and now I want to log on to the virtual machine with an Azure Active Directory account.

Why does this error message appear now? Have I done something wrong? I am going through all the steps again. No fits. So I take another close look at the article and discover the following:

But that's exactly not the case with me. I want to connect from my local system which is not registered or joined in Azure.

Let's take it one step at a time. First of all, I create a group in Azure Active Directory. This will contain the account I will use later for the login.

ATTENTION: Use the appropriate Windows OS => Windows Server 2019 Datacenter edition and later or Windows 10 1809 and later

Next I create a new virtual machine with the default settings (including a public IP address and yes this is not good, but this demo absolutely OK). Except for Management I set the following settings.

If you want to work with an existing virtual machine you need to install the extension. You can do this with the Azure Cloud Shell, in a Bash terminal.

    az vm extension set \
        --publisher Microsoft.Azure.ActiveDirectory \
        --name AADLoginForWindows \
        --resource-group YourResourceGroup \
        --vm-name YourVM

After the virtual machine is created we need to work with Role-Based Access Control (RBAC). There are two roles that can be used:

- Virtual Machine Administrator Login
- Virtual Machine User Login

If you need local admin rights you need the first role. If you want to log in as a standard user, you can work with the second role.

Now we connect to the virtual machine using RDP, but ATTENTION, I use the account I created when I created the virtual machine (not an Azure AD account).

In the virtual machine I start the command prompt and use dsregcmd /status. The machine is Azure AD Joined.

In the virtual machine, navigate to Start and invoke "run". Type sysdm.cpl and navigate to the Remote tab. Remove the "Allow connections..." option and click "Select Users".

When you click on "Locations" you will immediately see that you cannot select an account from Azure AD. We need the command prompt for this. Start the command prompt with elevated privileges and enter the following (customized with your information, of course).

    net localgroup "remote desktop users" /add "AzureAD\Email address removed"

Go back to the Azure Portal to your virtual machine. Download the RDP connection file. Open this RDP file with an editor and add the following lines.

    enablecredsspsupport:i:0
    authentication level:i:2

Now double click on the RDP connection file and now use the Azure account for login.

AND BINGO, we can now log in to our virtual machine using the Azure Active Directory account! Cool!

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

32K Views | 8 likes | 18 Comments

Move virtual machine between different accounts
Hello guys! Do you know if it is possible to move a virtual machine to another Azure account?

Solved | Vinícius Barreto | Jun 11, 2017 | Copper Contributor | 71K Views | 0 likes | 16 Comments

Managed Service Identity causes problems resizing VM
The VM will not resize from the Azure portal with an error:

Error: The principalId 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx' on the resource's Identity property must be null or empty for 'SystemAssigned' identity type

- I have deleted the ServicePrincipal from AzureAD
- I have disabled MSI on the VM
- I have redeployed the VM

None of these was sufficient. Any advice as MS EA support seems to not respond despite having a 1 hour target it's been almost 24 hours and no reply.

Solved | Chris O'Donoghue | Feb 24, 2018 | Copper Contributor | 6.7K Views | 0 likes | 8 Comments

How to Automate KB5040434 Installation on Multiple VMs?
Hey everyone, I need to install the KB5040434 update on a bunch of VMs. This update is super important because it fixes several vulnerabilities. Doing this one by one is a huge hassle, and each VM also needs a restart after the update. Is there a way to automate this process? Maybe using Azure Cloud Shell, an automation account, or some other Azure feature? Any tips or guides would be really helpful. Thanks in advance!

Solved | experi18 | Aug 07, 2024 | Brass Contributor | 769 Views | 0 likes | 7 Comments

Upgrade Windows Datacenter Server from 2019 to 2022
Microsoft have just released Windows Server 2022 for Azure. Is it possible to update an existing Windows Server 2019 Datacenter to 2022? If so, how do you do it? One could, of course, build another server, but I should like to update the existing one. What are the cost implications if any? I realise a standalone server can be updated, but doing it under Azure may have other implications.

Stephen Palmstrom | Nov 05, 2021 | Brass Contributor | 10K Views | 1 like | 7 Comments

Disk Encryption
Hi, Does anyone know if you can encrypt a disk when using the 2016-Datacenter-Server-Core image from Microsoft? When I try it comes up with an error "Failed to configure bitlocker as expected. Exception: The system cannot find the file specified".

Trevor

Trevor Wilcockson | Aug 21, 2017 | Copper Contributor | 2.9K Views | 0 likes | 6 Comments

Extra license cost with Savings Plan
The moment my Savings Plan started I was hit with a new meter for payg license cost for a variable amount. The existing license meter for the same amount every day continued. As it should because the number of cores and hours have not changed. If I download the cost analysis data I notice that the new meter has a part number specified. I am really puzzled by this extra meter which more or less consumes the discount on the VM meter. I have a case at Microsoft but the first response was not encouraging. Has anyone else experienced this? Or can explain it?

Harry_van_Rijn | Mar 05, 2023 | Copper Contributor | 1.8K Views | 0 likes | 6 Comments

Not able to add VM to Backend Pool of Azure Load Balancer.
I have created 1 public load balancer and 2 Windows VMs. The problem is under backend pool it is showing only 1 VM to add. The second VM is not showing to add to backend pool. Both VMs are in same subnet and both are standalone VMs. Can anyone help on this?

neerukattu | Aug 14, 2022 | Copper Contributor | 5.4K Views | 0 likes | 6 Comments

Deploying Domain Controllers with an Availability Group
Most Microsoft documentation states to deploy DC's in an availability group for maintenance and failure situations. The issue is that all the servers in an availability group use the same DNS settings, which doesn't work for several well known reasons. The only solution is to either build another availability group with additional DC's (which can add a significant cost to the project) or point the original availability group back to on-prem DC's, thereby negating the reliance on on-prem architecture. Is there any new guidance for this situation?

Lynn Towle | Mar 01, 2019 | Iron Contributor | 6.6K Views | 0 likes | 6 Comments