question

robhead asked MarileeTurscak-MSFT commented

AzureAD Domain Services NLA not working

Hoping someone can help.

On a newly provisioned AADDS domain it is not possible to log in AzureAD domain-synced users to domain-joined VMs using NLA. This is what we know:

Any users that are synced from AzureAD to AzureADDS cannot log in to any VMs using NLA (using their UPN).
Users that are created directly in AADDS can log in using NLA (using their UPN).
The issue affects several Windows clients, all of which are up to date.
Users that are synced from AzureAD to AzureADDS can do all other things, including logging in to RDP when NLA is disabled.

It feels like the synced users are not having their passwords stored in a way that is compatible with CredSSP (which I believe NLA relies on).

We have tried deleting and recreating AADDS, but this did not help. I've set up AADDS several times in the past and never had this problem.

I am now at a loss as to how to troubleshoot this further.

Any ideas anyone please?

Thanks in anticipation.

Rob

azure-ad-domain-services

Is there any issue connecting to the DC? Or could it be related to any of the troubleshooting issues here?


0 Answers