AAD joined Windows 10 login fail - domain not available

GonWild 421 Reputation points
2021-08-10T08:37:49.677+00:00

Hi!
We're testing hybrid join in our environment.
Got a hybrid joined Windows 10 PC (v20H2) that gives a login error (translated): We can't login with your credentials, the domain is not available.

The user I'm testing is an AAD user, synced from OnPrem AD. Account is OK, as I can login from a browser.
On the hybrid joined computer, I have tried logging in with:
username@keyman .com (user's UPN)
username@keyman .onmicrosoft.com
AzureAD\username@keyman .com

Still no luck. Computer is connected to a mobile hotspot wifi, so no company network, firewall etc. (PC is also enrolled in Intune)
I can login using UPN with a previously logged on user, but not this new user.

Any ideas?


Accepted answer
  1. GonWild 421 Reputation points
    2021-08-16T10:46:04.613+00:00

    Hello,
    I have already verified the join status.

    Came across some info that indicates a new user cannot login on a hybrid joined Windows 10 (without line of sight to local DC), as its primary source of authentication is the local domain controller. Needs to be AAD joined only. Too bad MS hasn't emphasized this (or I have missed it), would've saved me quite some time.

    https://oofhours.com/2020/05/23/digging-into-hybrid-azure-ad-join/

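A way to check the condition the accepted answer describes, as an added example that is not part of the original thread: it reads `dsregcmd /status` to see how the PC is joined and uses `nltest /dsgetdc` to test line of sight to a domain controller. The function names are made up for this example, and it assumes the `AzureAdJoined`, `DomainJoined` and `DomainName` fields of the `dsregcmd` output.

```powershell
# Added example, not from the thread. Function names are hypothetical.

# Turn the "Key : Value" lines printed by dsregcmd /status into a hashtable.
# Captured output can be passed in -Lines to analyse another machine's report.
function Get-DsRegState {
    param([string[]]$Lines = (dsregcmd.exe /status))
    $state = @{}
    foreach ($line in $Lines) {
        # Banner and separator lines do not match and are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

# Report whether a user who has never signed in on this PC can be expected to log on.
function Test-NewUserSignInPath {
    param([hashtable]$State = (Get-DsRegState))
    $aadJoined    = $State['AzureAdJoined'] -eq 'YES'
    $domainJoined = $State['DomainJoined']  -eq 'YES'

    if ($aadJoined -and -not $domainJoined) {
        return 'AAD joined only: the case the answer says does not depend on a local DC.'
    }
    if (-not $domainJoined) {
        return 'Not domain joined: the hybrid join behaviour does not apply.'
    }

    # Domain joined (hybrid when AzureAdJoined is also YES): a first-time user
    # must be authenticated by a domain controller, so test whether one is reachable.
    $domainName = $State['DomainName']
    nltest.exe "/dsgetdc:$domainName" /force | Out-Null   # /force bypasses the cached DC
    if ($LASTEXITCODE -eq 0) {
        return "A domain controller for $domainName is reachable: a new user can be authenticated."
    }
    return "No domain controller for $domainName is reachable: only users who signed in here before can log on."
}

Test-NewUserSignInPath
```

Run it on the affected PC while it is on the same network as in the failing test (here, the mobile hotspot).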

1 additional answer

  1. GonWild 421 Reputation points
    2021-08-13T12:28:18.663+00:00

    I read in a blog that a hybrid AAD joined device is primarily dependent on OnPrem AD, for new user login and other things. So far this is my best answer as to why this isn't working as I thought it would.