Forum Discussion
Azure VD - AD/AADDS Required?
I'm trying to set up an Azure Virtual Desktop test lab for evaluation purposes. I've created a new test Azure tenant with some M365 Business Premium licenses. I've added some dummy test users, assigned M365 licenses to them and AAD joined a couple of Windows 10 laptops using Autopilot. This is all working great.
From what I have read, Azure Virtual Desktop requires either Active Directory or AADDS; therefore, I've deployed AADDS to the tenant. Next, I've deployed a new AVD host pool using the following settings:
- Host Pool Type = Pooled
- LB = Breadth-first
- Max Sessions limit = 10
- Number of Hosts = 2
- Image = Gallery / Win10Ent MultiSession 20H2 Gen2
- Domain to join = Azure AD
The AVD deployment completes and I've assigned users to the application group. However, when I attempt to log into AVD (via browser or Remote Desktop app) it prompts me for logon credentials but then fails to connect with an error "invalid credentials". I know the credentials are correct! I've deleted the AVD host pool, resource groups, VMs, etc. and set it all up again from scratch but I still get the same error! I'm obviously missing something here?
I can see that both the Azure VD hosts are shown in Azure AD > Device and both are listed in Intune as (managed by Intune/compliant). I've also set up an Azure management VM (Win2016), joined this to AADDS and installed the RSAT tools. Using the AD Users and Computers console I can see all the users (which I created in Azure AD) have synced over, but I can't see the two VD host devices?
Do I actually need AD or AADDS, as the Azure Virtual Desktop deployment wizard allows me to select 'Azure AD' under 'Domain to Join' and then there's no mention of AD/AADDS during the wizard? If I can remove AADDS and the Win2016 management VM that would be great.
- Johan_Vanneuville, Iron Contributor
Hi,
For personal hostpool you don't need ADDS or AADDS but can use AAD only.
For pooled hostpools you still require ADDS or AADDS.
For your logon issue:
Have you given Virtual Machine User login role to the users?
Have you specified in the advanced properties that the session host is AAD joined?
Here is the link to the docs. If you need help just contact me.
https://docs.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm
- VinceThompson, Copper Contributor
PhilPreece1010 Hey Phil. Did you resolve this in the end? I am also getting this same issue with the password.
I wonder if it's to do with MFA?
Thanks
Vince
- PhilPreece1010, Copper Contributor
Hi Vince, no, still having issues.
Earlier today I cleaned up the Azure tenant once again. I deleted all the resources that were deployed by the AADDS wizard and the Azure Virtual Desktop wizard. I then successfully re-deployed AADDS, applied the recommended DNS fix and ran the AVD wizard again. This time I selected 'domain to join = AADDS' but the wizard failed again. This time with a different error:
easy-button-inputvalidation-job-linked-template - conflict
I do have MFA enabled for all users? Perhaps that is the issue then?
- VinceThompson, Copper Contributor
Phil, correct, it's my understanding that MFA is not yet supported when using AAD joined VMs and trying to log in to them via AVD. I could be wrong but maybe worth a shot. I will also test this myself tomorrow and let you know.