SOLVED

Add guest user to Windows Virtual Desktop app pool

ghonyme
Occasional Contributor

Hello,

I'm trying to add a guest user to my App pool but I always get the following error:

The identity provider for Tenant 'xxxxxxxxxx' did not recognize User '≤xxxxxxxxxx≥'.

Is there any restriction on adding guest users?

My guess is that because the guest user account password hashes are not registered in AADDS, it will not be technically possible to enable this service for guest accounts, but I will let the expert confirm....

Thank you for your help.

10 Replies
Solution

@ghonyme : Yes, unfortunately we do not support guest users yet in Windows Virtual Desktops. Users must be sourced from the Azure AD that you specify for your Windows Virtual Desktop tenant.

@ghonyme Facing the same issue. My WVD tenant with Azure subscription is connected using Vnet Peering to on-prem AD but the UPN is different.

@Radek V : Are you also synchronizing SIDs?

@christianmontoya

AFAIK no.

How can I check this? In AAD Connect settings?

@Radek V : Actually, we have a current issue right now regarding user connections if the VMs are connected to Azure AD Domain Services and that user is sourced from your on-prem AD (synchronized to Azure AD, then replicated to the Azure AD Domain Services instance): https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Announcement-Connectivity-issues-from-synchronized-users-to-VMs/m-p/759642#M1036.

We're actively investigating options on how to unblock and fix.

My users appear as 'guests' in AAD with source being 'external azure active directory' or 'invited user'. When I try to add such an account using the Add-RdsAppGroupUser cmdlet, I get the message "the specfifed UPN does not exist in the AAD associated with the RD tenant". Accounts that have been created directly in the AAD do work.

Can anyone from Microsoft state if these types of users are or will be supported and, if not, how I should proceed?

@Marcel A' Campo : Currently we do not support Azure AD B2B (guest) users. Primarily, there is no mechanism right now to synchronize them to the on-prem AD that will be recognized by the VM logon. There are some scripts and tools (including Microsoft Identity Manager (MIM)), but that would also require those B2B users to create a new set of credentials for that on-prem.

We are investigating how to support Azure AD B2B (guest) users, with Azure AD Join as a potential option, but no specific dates as of yet. If this is something that is crucial for your workload, please create/upvote at our Uservoice page (https://aka.ms/wvdfbk).
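Added example, not part of the original thread or Microsoft's own code: a pre-assignment check that separates B2B guests from directory-sourced users before calling `Add-RdsAppGroupUser`, so guests are reported explicitly instead of failing with the errors quoted above. It assumes the AzureAD and Microsoft.RDInfra.RDPowerShell modules with `Connect-AzureAD` and `Add-RdsAccount` already run; the tenant, host pool, app group names and UPNs are placeholders.

```powershell
# Placeholders (assumptions): replace with your own WVD tenant, pool and group.
$TenantName   = '<wvd-tenant-name>'
$HostPoolName = '<host-pool-name>'
$AppGroupName = '<app-group-name>'
# Constructed sample input: one member-style UPN and one guest-style UPN.
$Candidates = @('alice@contoso.example',
                'bob_fabrikam.example#EXT#@contoso.example')

# Build a case-insensitive set of every identifier that belongs to a guest.
# Guests are matched on both their directory UPN and their external mail
# address, since an admin may have been handed either form.
$guestIds = New-Object 'System.Collections.Generic.HashSet[string]' `
    ([System.StringComparer]::OrdinalIgnoreCase)
Get-AzureADUser -All $true -Filter "userType eq 'Guest'" | ForEach-Object {
    if ($_.UserPrincipalName) { [void]$guestIds.Add($_.UserPrincipalName) }
    if ($_.Mail)              { [void]$guestIds.Add($_.Mail) }
}

$report = foreach ($upn in $Candidates) {
    $status = 'Assigned'
    $detail = ''
    if ($guestIds.Contains($upn)) {
        # Per the thread: B2B guests cannot be added to an app group.
        $status = 'SkippedGuest'
        $detail = 'Azure AD B2B (guest) account; not supported by WVD'
    }
    else {
        try {
            Add-RdsAppGroupUser -TenantName $TenantName `
                -HostPoolName $HostPoolName -AppGroupName $AppGroupName `
                -UserPrincipalName $upn -ErrorAction Stop
        }
        catch {
            $status = 'Failed'
            $detail = $_.Exception.Message
        }
    }
    [pscustomobject]@{ UPN = $upn; Status = $status; Detail = $detail }
}

# One row per candidate; review SkippedGuest and Failed entries.
$report | Format-Table -AutoSize
```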

@christianmontoya
Hi, do you have any update on this? Thanks

No updates as of yet. This is a larger workitem, so I do not expect this feature to be made available in the next 3 to 6 months.

I was wondering on this. We got to Azure Domains but have WVD in a separate domain; the guest users cannot be added as an appgroupuser. Hoping this is something they are actively working on, @christianmontoya
