Joining Azure AD DS throws an incorrect password.
Azure Active Directory Domain Services is a new product within Microsoft Azure. The product is still fairly new and I find it in general not yet mature enough to actively use. The idea behind Azure AD DS is that you no longer need to use a domain controller within your domain. This has the advantage that you have little to no maintenance in your domain.
The disadvantage is that you miss many functions. For example, I tried to create an Exchange hybrid environment within Azure AD DS, but unfortunately this is not possible because you can no longer manage groups such as Schema Admins or Enterprise Admins.
I have deployed Azure AD Domain Services in my developer tenant. I then tried to connect a server, but I got the error message “User name or password is incorrect”. Strange, because those are the same login details that I used to create the environment.
“the user name or password is incorrect”

Fix: Joining Azure AD DS throws an incorrect password.
As a best practice, Microsoft says you should log in with the UserPrincipalName (UPN) format.
“We recommend using the UPN format to specify credentials.
If a user’s UPN prefix is overly long (for example, joehasareallylongname), the SAMAccountName might be auto-generated. If multiple users have the same UPN prefix (for example, bob) in your Azure AD tenant, their SAMAccountName format might be auto-generated by the service. In these cases, the UPN format can be used reliably to log on to the domain.”
To keep the tutorial as short as possible, do not use the UserPrincipalName format 😉. You can log in with the legacy DOMAIN\Username format, even in an environment that uses only Azure AD DS.
My UserPrincipalName in my developer tenant is:
And now, to let the server join the domain, I used:
Baswijdenesoutlook026.onmicrosoft.com\Adm_wijdenes
and then it worked!
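The same join can be scripted. The PowerShell below is an added example, not code from the original post: the function names, `aaddscontoso.example` and `adm_example` are hypothetical placeholders. It assumes Windows PowerShell 5.1 running elevated on the server being joined, with DNS already pointing at the managed domain.

```powershell
# Added example: names and values below are constructed placeholders.
function ConvertTo-LegacyLogonName {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [Parameter(Mandatory)] [string] $ManagedDomain
    )
    # Take the UPN prefix (the part before '@') as the assumed SAMAccountName.
    $prefix = ($UserPrincipalName -split '@', 2)[0]
    # sAMAccountName holds at most 20 characters for users; with a longer prefix
    # the service may have generated a different name. Duplicate prefixes in the
    # tenant have the same effect and cannot be detected from here.
    if ($prefix.Length -gt 20) {
        Write-Warning "UPN prefix '$prefix' exceeds 20 characters; the SAMAccountName may be auto-generated. Use the UPN instead."
    }
    "$ManagedDomain\$prefix"
}

function Join-ManagedDomain {
    param(
        [Parameter(Mandatory)] [string] $ManagedDomain,
        [Parameter(Mandatory)] [string] $LogonName
    )
    # Fail early if the server cannot resolve the managed domain at all,
    # so a DNS problem is not mistaken for a credential problem.
    Resolve-DnsName -Name $ManagedDomain -ErrorAction Stop | Out-Null

    # Prompt for the password; it never appears in the script or history.
    $cred = Get-Credential -UserName $LogonName -Message "Password for $LogonName"
    try {
        Add-Computer -DomainName $ManagedDomain -Credential $cred -ErrorAction Stop
        return $true
    }
    catch {
        # One attempt per call: repeated failures count toward account lockout.
        Write-Warning "Join as '$LogonName' failed: $($_.Exception.Message)"
        return $false
    }
}

$domain = 'aaddscontoso.example'              # constructed managed domain name
$upn    = 'adm_example@aaddscontoso.example'  # constructed admin UPN
$legacy = ConvertTo-LegacyLogonName -UserPrincipalName $upn -ManagedDomain $domain

if (Join-ManagedDomain -ManagedDomain $domain -LogonName $legacy) {
    Write-Host "Joined $domain as $legacy. Restart the server to finish."
}
```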
Recap
Do you have any additions on these errors, seen while adding a device in Azure Active Directory Domain Services?
“The following error occurred attempting to join the domain”
“The user name or password is incorrect”
Do you have other additions or feedback about this post? Then you can leave a comment below.
“reference account is currently locked out and may not be logged on to” error can be fixed by changing your Azure AD password. This is required to trigger password hash sync to Azure AD DS.
Thank Bro you saved the day…!!!
Great! 😉
If you are trying to join the Domain with an Azure Active Directory (AAD) account, you need to change the Password of that User first and wait for synchronization.
If you are trying to join the Domain with a Windows Server AD (AD Connect) account, you need to launch a PowerShell Script first on the AD Connect Server:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started-password-sync-synced-tenant#task-5-enable-password-synchronization-to-your-managed-domain-for-user-accounts-synced-with-your-on-premises-ad
Diego
Bas,
Thank you for the post. I’m running into the problem you describe. I’ve changed the way I log in as you mention. However, now I get “the reference account is currently locked out and may not be logged on to”. I’ve verified on-prem that my AD isn’t locked. I have AD Connect syncing up to O365. Any input would be appreciated.
Thanks
Eli
Hi
I have the same problem. Were you able to resolve this?
I’m experiencing the same problem when trying to add a new server to my Azure AD: Account locked out.
See screenshot: https://ibb.co/nDLWZU
Anyone got any luck getting past this problem?