Setup Remote Desktop User Group permissions via Azure Portal

Administrator 0 Reputation points
2024-03-05T23:55:36.8766667+00:00

Hello MS Community

I have created a set of VMs and joined them to my Azure Custom Domain. I have created a User Group with access to my Resource Group that houses my VM and granted the group the Virtual Machines User Login Role so that they may connect to the VMs.

The users can make connections to the VM, but when they attempt to log in they receive an error indicating they do not have the correct local permissions to log in to the system. These users are not a part of the AAD DC Admin group, so they have no rights on the VMs.

I have looked into ways of granting these rights on the VMs without the need to connect to each and every one of them, either via PS or Remote Desktop client. Several documents seemed to imply that installing the AADLogin extension would resolve this, but it did not. I tried it on several VMs, conducting restarts of the VMs after extension install, but the users with Virtual Machine User Login still cannot log in because the account does not have authorization for remote login.

Does anyone know of a way to add the group to the Remote Desktop Users group via Azure? I would like to make it so that I can push the permissions to all VMs in the Resource Group, including any VMs created in the future that would be added to this RG. Any help or suggestions would be greatly appreciated.

Regards

Todd

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

1 answer

  1. Dillon Silzer 57,826 Reputation points Volunteer Moderator
    2024-03-06T00:25:59.4933333+00:00

    Hi Todd,

    The only way I can think of doing it is to automate this with either Azure Automation (that triggers a PowerShell script) or to run the PowerShell script locally through a scheduled function on the server.

    #1 The script should make use of Get-AzureADGroupMember:

    Get-AzureADGroupMember -ObjectId "YourGroupID" -All $true
    

    https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadgroupmember?view=azureadps-2.0

    #2 Then, you would want to loop through each object and add them to the local RDP group:

    Add-LocalGroupMember -Group "Remote Desktop Users" -Member $object
    

    #3 The final script should look something like:

    # Sign in first; Get-AzureADGroupMember needs an AzureAD session
    Connect-AzureAD
    # Get all members of the Azure AD group
    $azureADGroupMembers = Get-AzureADGroupMember -ObjectId "YourGroupID" -All $true
    # Loop through each member and add them to the "Remote Desktop Users" group
    foreach ($member in $azureADGroupMembers) {
        # Only user objects carry a UPN; skip nested groups and service principals
        if ($member.ObjectType -ne "User") { continue }
        $userPrincipalName = $member.UserPrincipalName
        # Add the user to the "Remote Desktop Users" group
        Add-LocalGroupMember -Group "Remote Desktop Users" -Member "AzureAD\$userPrincipalName"
        Write-Host "Added $userPrincipalName to Remote Desktop Users group."
    }
    

    If this is helpful please accept answer.
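As an added example (not the answerer's code), the three steps above combined into one script that runs from an admin workstation instead of on each VM: it resolves the group once, then pushes an idempotent membership update to every Windows VM in the resource group through Invoke-AzVMRunCommand, so no directory credentials have to live on the VMs. It assumes the Az.Accounts, Az.Compute and AzureAD modules are installed and signed in (Connect-AzAccount and Connect-AzureAD), and the group ID and resource group name are placeholders.

```powershell
# Added example, not from the original answer. Assumes Connect-AzAccount and
# Connect-AzureAD have already been run and the caller may use Run Command on the RG.
$groupId       = "<YourGroupObjectId>"    # placeholder
$resourceGroup = "<YourResourceGroup>"    # placeholder

# Step 1: resolve the group centrally. Only user objects have a UPN; nested groups
# and service principals are skipped rather than pushed to the VMs as empty strings.
$upns = Get-AzureADGroupMember -ObjectId $groupId -All $true |
    Where-Object { $_.ObjectType -eq 'User' -and $_.UserPrincipalName } |
    Select-Object -ExpandProperty UserPrincipalName

if (-not $upns) { throw "Group $groupId has no user members; nothing to push." }

# Step 2: build the script that runs inside each VM. It is idempotent: it reads the
# current 'Remote Desktop Users' membership and adds only the UPNs that are missing.
# The 'AzureAD\<UPN>' principal format follows the original answer.
$upnList = ($upns | ForEach-Object { "'$_'" }) -join ','
$remoteScript = @"
`$wanted  = @($upnList) | ForEach-Object { "AzureAD\`$_" }
`$current = (Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name
foreach (`$p in `$wanted) {
    if (`$current -contains `$p) { Write-Output "present: `$p"; continue }
    try {
        Add-LocalGroupMember -Group 'Remote Desktop Users' -Member `$p -ErrorAction Stop
        Write-Output "added: `$p"
    } catch {
        Write-Output "failed: `$p - `$(`$_.Exception.Message)"
    }
}
"@
$scriptPath = Join-Path $env:TEMP "sync-rdp-users.ps1"
Set-Content -Path $scriptPath -Value $remoteScript -Encoding UTF8

# Step 3: push the script to every Windows VM currently in the resource group.
# Re-running this (for example from Azure Automation on a schedule) also covers
# VMs added to the resource group later.
foreach ($vm in Get-AzVM -ResourceGroupName $resourceGroup) {
    if ($vm.StorageProfile.OsDisk.OsType -ne 'Windows') { continue }
    $result = Invoke-AzVMRunCommand -ResourceGroupName $resourceGroup -VMName $vm.Name `
        -CommandId 'RunPowerShellScript' -ScriptPath $scriptPath
    Write-Output "[$($vm.Name)]"
    $result.Value | ForEach-Object { Write-Output $_.Message }
}
```

The per-VM output lists each principal as present, added or failed, so a failed line on a VM that is joined to a domain rather than to Entra ID points at the principal format rather than at the group lookup.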

