AVD local admin account's password expired and I can't reset with Azure feature

Question

AVD local admin account's password expired and I can't reset with Azure feature

AdamGivens-8296 0

My org has an AVD that was configured by a MSP before we terminated our relationship with them. Before departing from them, they created a local admin for us on our AVD to access it. Since then we haved accessed the AVD once or twice but now we cannot access the AVD because the local admin account's password is now expired and it states that we need to reset it. We tried to use the "Reset Password" tool that is in Azure web portal but have had no success. How do I get access to my AVD it is important I get access because we have users that are being synced from the DC we have hosted on it.

Vamsi Ram Annepu 485 Reputation points Microsoft External Staff

2025-04-05T00:39:35.2833333+00:00

Hi AdamGivens-8296,
I understand from your question that you created a AVD from a MSP which was accessible previously but not anymore due to password expiration. In this case you can contact your MSP support for a password renewal. We would also like to know what issue you are facing while resetting the password, and update us on who owns the Domain Controller so that we can try to help you further.
Feel free to reach out to us for further queries.
Please upvote if this information was useful.
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-07T11:09:11.39+00:00

Hi AdamGivens-8296 ,

Just checking in to see if you had a chance to review the answer on your question posted by "chrischin " . Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" and "Accept Answer" on the post to let us know.

Thank You.
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-08T01:07:43.8766667+00:00

Hi AdamGivens-8296 ,

Just checking in to see if you had a chance to review the answer on your question posted by "chrischin " . Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" and "Accept Answer" on the post to let us know.

Thank You.
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-14T04:37:39.5666667+00:00

Hi AdamGivens-8296 ,

If you’ve already been assigned the Virtual Machine Administrator Login role and you’re still unable to connect via RDP, there are a few things like:

Check Azure AD login is enabled on the VM

The role alone isn’t enough — the VM must have Azure AD login explicitly enabled. You can confirm this by going to the VM in the Azure Portal → Configuration → and verifying that Azure AD login is set to “Enabled.”

Use the right client and format when signing in

Make sure you’re using the latest version of the Remote Desktop client that supports Azure AD login. Also, when signing in, try using the format:

AzureAD******@domain.com

Fallback option: Serial Console (if enabled)

If the VM still isn’t accessible via RDP and Serial Console is enabled, you could try accessing it that way. It allows you to open a command prompt without needing a login session and manually reset the local admin password:

net user <username> <newpassword>

If your environment is set up for Microsoft LAPS and you’re in the right Entra role (like Cloud Device Administrator), you can recover the local admin password through:

• Microsoft Entra ID → Devices → [Your VM] → Local administrator password recovery

If you’re not seeing the password listed, it may mean LAPS hasn’t been fully set up yet.

Let me know if you have any further queries!

If the comment is helpful, please click "upvote" to let us know!
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-15T01:37:40.68+00:00

Hi AdamGivens-8296 ,

Just checking in to see if you had a chance to review the latest comment on your query. Let me know if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
AdamGivens-8296 0 Reputation points

2025-04-15T13:42:49.3833333+00:00

I was able to regain access to the VM by running a PS script (get-localuser) through the Azure portal to determine the local user accounts on the VM. Once, I was able to determine that the accounts that were on the VM didn't match any of the account on the handoff document from the MSP that we ended relations with, I then ran another script to reset the password of one of the local account and was able to then login via RDP to the VM again.

Thanks for all the assistance!

1 answer

Your answer

Vamsi Ram Annepu 485 Reputation points Microsoft External Staff

2025-04-05T00:39:35.2833333+00:00

Hi AdamGivens-8296,
I understand from your question that you created a AVD from a MSP which was accessible previously but not anymore due to password expiration. In this case you can contact your MSP support for a password renewal. We would also like to know what issue you are facing while resetting the password, and update us on who owns the Domain Controller so that we can try to help you further.
Feel free to reach out to us for further queries.
Please upvote if this information was useful.
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-07T11:09:11.39+00:00

Hi AdamGivens-8296 ,

Just checking in to see if you had a chance to review the answer on your question posted by "chrischin " . Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" and "Accept Answer" on the post to let us know.

Thank You.
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-08T01:07:43.8766667+00:00

Hi AdamGivens-8296 ,

Just checking in to see if you had a chance to review the answer on your question posted by "chrischin " . Feel free to reach out if you have any further queries.

If you found the information useful, please click "Upvote" and "Accept Answer" on the post to let us know.

Thank You.
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-14T04:37:39.5666667+00:00

Hi AdamGivens-8296 ,

If you’ve already been assigned the Virtual Machine Administrator Login role and you’re still unable to connect via RDP, there are a few things like:

Check Azure AD login is enabled on the VM

The role alone isn’t enough — the VM must have Azure AD login explicitly enabled. You can confirm this by going to the VM in the Azure Portal → Configuration → and verifying that Azure AD login is set to “Enabled.”

Use the right client and format when signing in

Make sure you’re using the latest version of the Remote Desktop client that supports Azure AD login. Also, when signing in, try using the format:

AzureAD******@domain.com

Fallback option: Serial Console (if enabled)

If the VM still isn’t accessible via RDP and Serial Console is enabled, you could try accessing it that way. It allows you to open a command prompt without needing a login session and manually reset the local admin password:

net user <username> <newpassword>

If your environment is set up for Microsoft LAPS and you’re in the right Entra role (like Cloud Device Administrator), you can recover the local admin password through:

• Microsoft Entra ID → Devices → [Your VM] → Local administrator password recovery

If you’re not seeing the password listed, it may mean LAPS hasn’t been fully set up yet.

Let me know if you have any further queries!

If the comment is helpful, please click "upvote" to let us know!
Pramidha Yathipathi 415 Reputation points Microsoft External Staff

2025-04-15T01:37:40.68+00:00

Hi AdamGivens-8296 ,

Just checking in to see if you had a chance to review the latest comment on your query. Let me know if you have any further queries.

If you found the information useful, please click "Upvote" on the post to let us know.

Thank You.
AdamGivens-8296 0 Reputation points

2025-04-15T13:42:49.3833333+00:00

I was able to regain access to the VM by running a PS script (get-localuser) through the Azure portal to determine the local user accounts on the VM. Once, I was able to determine that the accounts that were on the VM didn't match any of the account on the handoff document from the MSP that we ended relations with, I then ran another script to reset the password of one of the local account and was able to then login via RDP to the VM again.

Thanks for all the assistance!

Answer 1

Some ideas:

Can you still get in using an AVD client? Do you have someone with owner access to the VMs? If yes to both, you can assign the Virtual Machine Admin Login role to a person's Entra identity for the VM's or Resource Group that contains the VM's. Next have that person login using AVD and they should be able to perform admin tasks within that session, to include opening a cmd prompt window as administrator. From there you can run lusrmgr and set the local administrator's password or add a new local admin user.

User's image

If you have privileged access to Microsoft Entra ID (at least Cloud Device Administrator), you can try using LAPS and get the password there.

In the Azure Portal, go to Microsoft Entra ID
Then go to Devices
Under My Feed, click on See all devices
Find the Device by name that is your AVD session host, click on the name
Then click on Local administrator password recovery
lf you don't see a password there, you will need to enable LAPS - https://learn.microsoft.com/en-us/entra/identity/devices/howto-manage-local-admin-passwords

AdamGivens-8296 0 Reputation points

2025-04-10T17:22:12.3866667+00:00

Thanks Chris for these instructions, unfortunately after assigning the Virtual Machine Admin Login role to myself (Administrator) I am still unable to access the VM when trying to connect via RDP.

Share via

AVD local admin account's password expired and I can't reset with Azure feature

1 answer

Your answer