Forum Discussion

Anonymous's avatar
Anonymous
May 11, 2019
Solved

Unable to join domain - 5 out of 10 times

As anyone encountered this error?  I've recreated the VDI/RDS environment multiple time, each with the same result.  Out of the 15 we are spinning up, 5 always fail.  It's seeming random which 5 do n...
  • Anonymous's avatar
    Anonymous
    May 13, 2019
    UPDATE (Solved) Issue was with AAD DS domain join limit. Even though the user account was a "Global Admin", it was missing the permission "AAD DS Administrator". Incidentally, this is not the "Device Limit" in the devices blade of users. This is the " ms-DS-MachineAccountQuota" in ADUC, which MS hardcoded to 10 device joins. The "AAD DS Administrator" permission overrides that limit (obvi).
Anonymous's avatar
Anonymous
May 13, 2019
UPDATE (Solved) Issue was with AAD DS domain join limit. Even though the user account was a "Global Admin", it was missing the permission "AAD DS Administrator". Incidentally, this is not the "Device Limit" in the devices blade of users. This is the " ms-DS-MachineAccountQuota" in ADUC, which MS hardcoded to 10 device joins. The "AAD DS Administrator" permission overrides that limit (obvi).
Christian_Montoya's avatar
Christian_Montoya
Icon for Microsoft rankMicrosoft
May 15, 2019

Deleted : Thanks for the update. We'll look to include this guidance in our documentation when using Azure AD Domain Services.

Resources