I've created an Azure VM and joined it to the Azure AD domain. I've enabled Azure AD login on the VM, and added users to the Azure AD AAD DC Administrators group, which is assigned the Administrator role in the VM.
I can RDP to the VM as a user in the AAD DC Administrators group that is a member of the Azure AD domain. However, I cannot RDP to the VM as a user in the group that is a guest user in the Azure AD domain. When I attempt to do so, the RDP client indicates that the credentials are incorrect for the guest user:
The credentials that were used to connect to did not work. Please enter new credentials.
I've verified that the credentials that I'm supplying are correct. I'm trying to determine if it's because:
- the format of the credentials that I'm supplying is incorrect (e.g., should I use Domain\user.name, or [email protected], or Domain\[email protected]);
- it's a password hash sync problem (this is a cloud-only account); or,
- it's not possible to do this.
Guest accounts do not work with AAD DS, simply because their password is not stored on your AAD tenant, and thus cannot be synced to AAD DS. This is why the sign-in keeps on failing for them.
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/faqs#can-guest-users-be-invited-to-my-directory-use-azure-ad-domain-services-