How to Provide Access to Azure Resources with Azure AD

If you receive a “username or password is invalid” message when trying to join the domain, go into the Classic Portal and reset the password for the bwcadmin@bluewidgetco.com account.  Azure AD Domain Services cannot authenticate with the credential as Azure AD stores it; the Kerberos and NTLM password hashes it needs are only generated when the password is changed after Azure AD DS has been enabled, so the reset is what forces them to be created.  If you have the same issue with the User01 account, which is synchronized from on-premises, reset its password in the on-prem AD rather than in Azure AD.

Per Microsoft:

This password change process causes the credential hashes that are required by Azure Active Directory Domain Services for Kerberos and NTLM authentication to be generated in Azure AD.

Test Access

You should be able to RDP into your virtual machine using the bwcadmin@BlueWidgetCoXXXX.com account.  Log in, grant User01 access to the server, log out, and try logging in with the User01 account.  Granting User01 local admin rights will get the account in, but membership in the local Remote Desktop Users group is all an RDP logon requires and is the least-privilege choice; reserve local Administrators membership for accounts that actually have to administer SERVER01.

If everything is configured properly, User01 should be able to log in via RDP.
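The access test above can be done from PowerShell rather than by trial-and-error RDP logons. The following is an added example, not code from the original post: it runs in an elevated PowerShell session on SERVER01 while logged on as bwcadmin, confirms the domain join and secure channel, grants User01 RDP access through the Remote Desktop Users group instead of local admin, and then asks a managed-domain controller to validate User01's credentials. The NetBIOS domain name BLUEWIDGETCO and the account name User01 are assumptions; substitute your own.

```powershell
# Added example, not code from the original post. Run elevated on SERVER01 as bwcadmin.
# The managed domain's NetBIOS name (BLUEWIDGETCO) and the test account (User01) are
# assumptions; substitute your own.
$Domain = 'BLUEWIDGETCO'
$User   = 'User01'
$member = "$Domain\$User"

# 1. Confirm the VM is actually joined to the managed domain and has a healthy
#    secure channel to one of its domain controllers.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw 'SERVER01 is not domain-joined.' }
"Joined to $($cs.Domain)"
nltest "/dsgetdc:$($cs.Domain)"                 # locate a DC for the managed domain
if (-not (Test-ComputerSecureChannel)) { throw 'Secure channel to the domain is broken.' }

# 2. Grant RDP with least privilege. Remote Desktop Users is sufficient for an RDP logon;
#    only add the account to Administrators if it must administer the server.
$rdpGroup = 'Remote Desktop Users'
if (-not (Get-LocalGroupMember -Group $rdpGroup -Member $member -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $rdpGroup -Member $member
}
Get-LocalGroupMember -Group $rdpGroup | Select-Object Name, PrincipalSource

# 3. Ask a domain controller to validate User01's credentials before opening an RDP session.
#    If this fails while the join and secure channel are healthy, the problem is almost
#    certainly that Azure AD DS does not yet have a password hash for the account.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$cred    = Get-Credential -UserName $member -Message "Password for $User"
$ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$ctx     = [System.DirectoryServices.AccountManagement.PrincipalContext]::new($ctxType, $cs.Domain)
if ($ctx.ValidateCredentials($User, $cred.GetNetworkCredential().Password)) {
    "Domain authentication for $member succeeded; RDP logon should work."
} else {
    "Domain authentication for $member failed; reset the password in on-prem AD and let it sync."
}
```

Step 3 is the useful part of the check: it separates a VM-side problem (not joined, broken secure channel) from a directory-side one (no usable hash for the account yet), which is exactly the distinction the next troubleshooting paragraph turns on.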

If you receive a “username or password is invalid” message when trying to log in to SERVER01 with the User01 account, reset the password in the on-prem AD.  As with bwcadmin, the reset forces the Kerberos and NTLM hashes Azure AD DS needs to be generated, and the same Microsoft note above applies.  Note that the hash has to travel two hops: Azure AD Connect first synchronizes the new password hash to Azure AD, and Azure AD DS then picks it up from there.  Force a synchronization to Azure AD after the reset and allow a few minutes for both stages before trying to log in to SERVER01 again.
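The reset-and-sync step above, as an added example that is not part of the original post. It runs on the Azure AD Connect server, which is assumed here to also have the ActiveDirectory RSAT module installed (otherwise run the first step on a domain controller). The account name User01 is an assumption.

```powershell
# Added example, not code from the original post. Run on the Azure AD Connect server,
# assumed to also have the ActiveDirectory RSAT module. User01 is an assumption.
Import-Module ActiveDirectory
Import-Module ADSync

$User = 'User01'

# 1. Reset the on-prem password. Azure AD DS only receives Kerberos/NTLM hashes for a
#    synced user after a password change, so the reset itself is what triggers them.
$newPassword = Read-Host -AsSecureString -Prompt "New password for $User"
Set-ADAccountPassword -Identity $User -Reset -NewPassword $newPassword

# 2. Password hash sync to Azure AD runs on its own two-minute cadence, but a delta
#    cycle pushes the object change out now. Don't start one while another is running.
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already running; waiting for it to finish.'
    Start-Sleep -Seconds 10
}
Start-ADSyncSyncCycle -PolicyType Delta

# 3. Confirm password hash sync is healthy before retrying the RDP logon on SERVER01.
#    Azure AD DS still needs a few more minutes to pick the new hash up from Azure AD.
Invoke-ADSyncDiagnostics -PasswordSync
```

If Invoke-ADSyncDiagnostics reports that password hash synchronization is disabled or stalled, fixing that comes before any further RDP testing; Azure AD DS never sees a hash that Azure AD has not received.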

Wrap-Up

Although the purpose of this tutorial was to explain how to configure certain components of Azure, there are a few practical uses for such a setup, with a few more complexities thrown in.  For example, a small office that requires an RDS server could use it to offer RDS access without configuring a VPN and incurring the additional cost of one.  Anything that accepts RDP connections without a VPN in front of it should at least be restricted by a network security group and protected with strong passwords, since it becomes a directly reachable logon surface.  Be creative.  I am sure you can come up with a few use cases as well.

Click here to join the Understanding Azure Facebook group or here for the latest Azure practice questions, answers, explanations, and reference materials.

Thomas Mitchell

Tom is a 20+ year veteran of the IT industry and carries numerous Microsoft certifications, including the MCSE: Cloud Platform and Infrastructure certification. A Subject Matter Expert in Active Directory and Microsoft Exchange, Tom also possesses expert-level knowledge in several other IT disciplines, including Azure, Storage, and O365/Exchange Online. You can find Tom at his website, on LinkedIn, or on Facebook. Need to reach him by phone? Call 484-334-2790.