Unable to setup Windows Virtual Desktop

Question

Using Free trial so I can demo WVD to our client (we are CSP)
Provisioning completes with error that "domain joined" failed. I am not selecting to join to on premises ADDS, in step for " Specify domain or unit" I am selecting no and proving global admin account to join to Azure. I am able to power on the VM and connect but unable to manually join to Azure either as the option is not there, fels like it is not a full windows 10 Enterprise.
Again the goal is to join to Azure and not yo on premises ADDS, so not sure why it is complaining about ""VM has reported a failure when processing extension 'joindomain'." .

{ "status": "Failed", "error": { "code": "DeploymentFailed", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.", "details": [ { "code": "Conflict", "message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'joindomain'. Error message: \\"Exception(s) occured while joining Domain 'iosi.ca'\\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot \"\r\n }\r\n ]\r\n }\r\n}" } ] } }

Answer 1

Hi @Nad Mal ,

if you already running an AADDS you don't need a global admin of the Azure AD to join a VM to the AADDS domain.
Instead you need to use a user that is member of the AAD DC Administrators group (in Azure AD). This user doesn't require Global Admin membership in Azure AD.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance-advanced

Also verify the domain name of the AADDS is used to join the VM (not the domain name of the Azure AD).

Last but not least: Make sure the Virtual Network of the WVD hosts is peered with the vNet of the AADDS and DNS is configured properly. The AADDS domain name should be resolved and reached if you ping the domain name from a VM in the WVD host vNet.

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Answer 2

Hi @Nad Mal ,

an AD is required for using Azure WVD:

A Windows Server Active Directory in sync with Azure Active Directory. You can configure this using Azure AD Connect (for hybrid organizations) or Azure AD Domain Services (for hybrid or cloud organizations).

• A Windows Server AD in sync with Azure Active Directory. User is sourced from Windows Server AD and the Windows Virtual Desktop VM is joined to Windows Server AD domain.
• A Windows Server AD in sync with Azure Active Directory. User is sourced from Windows Server AD and the Windows Virtual Desktop VM is joined to Azure AD Domain Services domain.
• A Azure AD Domain Services domain. User is sourced from Azure Active Directory, and the Windows Virtual Desktop VM is joined to Azure AD Domain Services domain.

https://learn.microsoft.com/en-us/azure/virtual-desktop/overview#requirements

The WVD hosts must be AD joined.

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Answer 3

Hi @Nad Mal ,

in this case you can use the Azure Active Directory Domain Service (AADDS) in combination with the Azure AD (the third option in the quote above).

A Azure AD Domain Services domain. User is sourced from Azure Active Directory, and the Windows Virtual Desktop VM is joined to Azure AD Domain Services domain.

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten