Forum Discussion

Deleted's avatar
Deleted
May 11, 2019
Solved

Unable to join domain - 5 out of 10 times

As anyone encountered this error?  I've recreated the VDI/RDS environment multiple time, each with the same result.  Out of the 15 we are spinning up, 5 always fail.  It's seeming random which 5 do n...
  • Deleted's avatar
    Deleted
    May 13, 2019
    UPDATE (Solved) Issue was with AAD DS domain join limit. Even though the user account was a "Global Admin", it was missing the permission "AAD DS Administrator". Incidentally, this is not the "Device Limit" in the devices blade of users. This is the " ms-DS-MachineAccountQuota" in ADUC, which MS hardcoded to 10 device joins. The "AAD DS Administrator" permission overrides that limit (obvi).
Deleted's avatar
Deleted
May 13, 2019
UPDATE (Solved) Issue was with AAD DS domain join limit. Even though the user account was a "Global Admin", it was missing the permission "AAD DS Administrator". Incidentally, this is not the "Device Limit" in the devices blade of users. This is the " ms-DS-MachineAccountQuota" in ADUC, which MS hardcoded to 10 device joins. The "AAD DS Administrator" permission overrides that limit (obvi).
  • EricSP's avatar
    EricSP
    Copper Contributor
    Jun 28, 2019

    DeletedI have the same error, but my user is full global admin, AAD DS Admin, TenantCreator… No cigar so far :/

  • Christian_Montoya's avatar
    Christian_Montoya
    Icon for Microsoft rankMicrosoft
    May 15, 2019

    Deleted : Thanks for the update. We'll look to include this guidance in our documentation when using Azure AD Domain Services.

Resources