[HELP] Unable to join AAD DS Management VM to domain

Copper Contributor

Hi all, I'm working on setting up a new tenant that is cloud only. Azure AD DS was configured prior to any user accounts being created. I'm attempting to configure my management VM but am failing to get it to join the domain (thisis.mydomain.com) when using the UPN as suggested in the documentation. I have already changed the password in order for the account to generate the required NTLM/Kerberos password hashes as this is a cloud-only environment. 


I know it can contact the AAD DS domain controllers because I'm being presented with a prompt and furthermore, if I use the SAMAccountName to perform the domain-join, it works. However, when I join it with these credentials, I'm not able to use any variation of credentials to connect via my bastion host, only the original local admin account I set up when first creating the VM.


I can ping the AAD DS domain name and it resolves the correct DNS IPs. Is there a PowerShell command to check that the hash is actually generated? I've had another admin test joining with his own credentials; he is also a member of the AAD DC Administrators group, to no avail. I've reviewed the following docs:

[1] https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-management-v...
[2] https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm#join-the-vm-...

0 Replies
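The post describes two observable symptoms (a UPN-based join that fails where the sAMAccountName join succeeds, and domain accounts that cannot sign in over RDP afterwards) and asks how to check the prerequisites from the VM. The script below is an added diagnostic written for this thread, not the poster's code and not a Microsoft tool. It does not read the NTLM/Kerberos hash itself (the page names no command that does); it checks the things a join and a domain logon depend on: DNS SRV records for the managed domain's domain controllers, reachability of the DNS/Kerberos/LDAP/SMB ports, the VM's current membership and secure channel, whether the documented "AAD DC Administrators" group (the name comes from the post) has landed in the local Administrators group, and whether a given credential, entered as UPN or as sAMAccountName, validates against the domain. The function names, parameter names, and the port list are this example's own choices; the domain `thisis.mydomain.com` is the one from the post. Run it from an elevated PowerShell session on the management VM.

```powershell
<#
  Added diagnostic for the symptoms in the post (constructed example, not the
  poster's code). Nothing here reads the password hash; it checks what must be
  true around it for a domain join and an RDP logon with a domain account to work.
#>

function Test-ManagedDomainJoinReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $DomainName,                       # e.g. thisis.mydomain.com (from the post)
        [string]   $AdminGroupName = 'AAD DC Administrators',                # group name as written in the post
        [int[]]    $RequiredPorts  = @(53, 88, 389, 445)                     # DNS, Kerberos, LDAP, SMB (assumed minimum)
    )

    $result = [ordered]@{}

    # 1. Name resolution: the VM's DNS must return the managed domain's DC SRV records.
    $dcRecords = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
    $result.DcSrvRecordsFound = [bool]$dcRecords
    $result.DcHosts = @($dcRecords | Where-Object { $_.Type -eq 'SRV' } |
                        Select-Object -ExpandProperty NameTarget -Unique)

    # 2. Port reachability to each DC: a join needs LDAP/SMB, a logon needs Kerberos.
    $result.Ports = foreach ($dc in $result.DcHosts) {
        foreach ($port in $RequiredPorts) {
            $tnc = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ DomainController = $dc; Port = $port; Open = $tnc.TcpTestSucceeded }
        }
    }

    # 3. Current membership state of this VM.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $result.PartOfDomain  = $cs.PartOfDomain
    $result.CurrentDomain = $cs.Domain

    # 4. Checks that only make sense once the VM is joined.
    if ($cs.PartOfDomain) {
        # Secure channel to a DC; $false here means the machine account itself is broken.
        $result.SecureChannelOk = Test-ComputerSecureChannel -ErrorAction SilentlyContinue

        # RDP as a domain account requires local Administrators or Remote Desktop Users membership.
        $result.LocalAdmins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
                                Select-Object -ExpandProperty Name)
        $result.RdpUsers    = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
                                Select-Object -ExpandProperty Name)
        # Matched by suffix because the NetBIOS prefix of the managed domain is not known in advance.
        $result.AdminGroupIsLocalAdmin = [bool]($result.LocalAdmins | Where-Object { $_ -like "*\$AdminGroupName" })
    }

    [pscustomobject]$result
}

function Test-ManagedDomainCredential {
    <#
      Validates a credential against the managed domain without changing anything.
      Try it once with the UPN and once with DOMAIN\sAMAccountName; a mismatch
      between the two narrows the problem to the account's name forms rather
      than to connectivity.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $DomainName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new('Domain', $DomainName)
    try {
        # ValidateCredentials returns $true only if the DC accepts the user name and password.
        $ctx.ValidateCredentials($Credential.UserName, $Credential.GetNetworkCredential().Password)
    }
    finally {
        $ctx.Dispose()
    }
}

# Example usage (constructed):
# Test-ManagedDomainJoinReadiness -DomainName 'thisis.mydomain.com' | Format-List
# Test-ManagedDomainCredential -DomainName 'thisis.mydomain.com' -Credential (Get-Credential 'user@thisis.mydomain.com')
# Test-ManagedDomainCredential -DomainName 'thisis.mydomain.com' -Credential (Get-Credential 'THISIS\user')
# Add-Computer -DomainName 'thisis.mydomain.com' -Credential (Get-Credential) -Restart
```

Read the output in order: no SRV records or closed port 88/389 points at the VM's DNS or NSG settings rather than at the account; `SecureChannelOk` being `$false` on an already-joined VM points at the machine account; `AdminGroupIsLocalAdmin` being `$false` after a successful join explains domain accounts being refused over RDP, and `Test-ManagedDomainCredential` returning `$false` for the UPN form but `$true` for the sAMAccountName form reproduces the join behaviour the post describes without touching the VM's membership.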