Forum Discussion

PhilPreece1010's avatar
PhilPreece1010
Copper Contributor
Oct 04, 2021

Azure VD - AD/AADDS Required?

I'm trying to set up an Azure Virtual Desktop test lab for evaluation purposes. I've created a new test Azure tenant with some M365 Business Premium licenses. I've added some dummy test users, assigned M365 licenses to them and ADD joined a couple of Windows 10 laptops using Autopilot. This is all work great.

 

From what i have read Azure Virtual Desktop either requires Active Directory or AADDS, therefore, i've deployed AADDS to the tenant. Next i've then deployed a new AVD host pool using the following settings:
 - Host Pool Type = Pooled
 - LB = Breath-first
 - Max Sessions limit = 10
 - Number of Hosts = 2
 - Image = Gallery / Win10Ent MultiSession 20H2 Gen2
 - Domain to join = Azure AD

The AVD deployment completes and i've assigned users to the application group. However, when i attempt to log into AVD (via browser or Remote Desktop app) it prompts me for logon credentials but then fails to connect with an error "invalid credentials". I know the credentials are correct! I've delete the AVD host pool, resource groups, vms, etc and set it all up again from scratch but i still get the same error! I'm obviously missing something here?

I can see the both the Azure VD hosts are shown in Azure AD > Device and both are listed in Intune as (managed by intune/compliant). I've also setup an Azure management VM (Win2016), joined this to AADDS and installed the RSAT tools. Using the AD Users and Computers console I can see all the users (which i created in Azure AD) have sync'd over but i cant see the two VD host devices?

Do i need actually need AD or AADDS as the Azure Virtual Desktop deployment wizard allows me to select 'Azure AD' under 'Domain to Join' and then there's no mention of AD/AADDS during the wizard.  If i can remove AADDS and the Win2016 management vm that would be great.

  • Hi Vince, no still having issues.
    Earlier today i cleaned up the Azure tenant once again. I deleted all the resources that were deployed by the AADDS wizard and the Azure Virtual Desktop wizard. I then successfully re-deployed AADDS, applied the recommended DNS fix and ran the AVD wizard again. This time i selected 'domain to join = AADDS' but the wizard failed again. This time with a different error:

    easy-button-inputvalidation-job-linked-template - conflict

    I do have MFA enabled for all users? Perhaps that is the issue then?
  • VinceThompson's avatar
    VinceThompson
    Copper Contributor

    PhilPreece1010Hey Phil.  Did you resolve this in the end?  I am also getting this same issue with the password.

     

    I wonder if it's to do with MFA?

     

    Thanks

    Vince

    • PhilPreece1010's avatar
      PhilPreece1010
      Copper Contributor
      Hi Vince, no still having issues.
      Earlier today i cleaned up the Azure tenant once again. I deleted all the resources that were deployed by the AADDS wizard and the Azure Virtual Desktop wizard. I then successfully re-deployed AADDS, applied the recommended DNS fix and ran the AVD wizard again. This time i selected 'domain to join = AADDS' but the wizard failed again. This time with a different error:

      easy-button-inputvalidation-job-linked-template - conflict

      I do have MFA enabled for all users? Perhaps that is the issue then?
      • VinceThompson's avatar
        VinceThompson
        Copper Contributor
        Phil, correct it's my understanding that MFA is not yet supported when using AAD joined VM's and trying to login to them via AVD. I could be wrong but maybe worth a shot. I will also test this myself tomorrow and let you know.

Resources