Azure AD Domain Services Cloud only user passwords

I have been creating a Windows Virtual Desktop (WVD) environment for internal testing. I’ll be sharing the process and tricks soon but this issue was one that I really didn’t know about for Azure AD Domain Services until someone pointed it out to me.  I am eternally grateful to gerry_1974 on the Microsoft Tech Community for this information that lead to the resolution. I thought I’d also share it here so others can avoid the oversight I made and prevent getting as frustrated as I did.

I recently wrote about setting up Azure AD Domain services for a cloud only environment

Moving to the Cloud – Part 3

The reason I needed to do this was to support my planned “cloud only” WVD test environment. Azure AD Domain Services is basically designed to create an ‘old style’ domain that WVD host machines connect to. That will change down the track, but for now WVD needs a traditional AD. Since I did not have an existing on premises domain, I planned to use Azure AD Domain Services.

After getting things working eventually (more about that soon), I was able to successfully login to my WVD environment with a user who didn’t have Multi Factor Authentication (MFA) enabled. I then tried a user with MFA and received:

clip_image001

The remote computer that you are trying to you are trying to connect to requires Network Level Authentication (NLA), but your Windows Domain controller cannot be contacted to perform NLA. if you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialogue box.

I put the issue down to being about MFA but as it turned out, I was so wrong!

When you have cloud only users with Azure AD Domain Services, no password hashes in a format that’s suitable for NT LAN Manager (NTLM) are automatically generated! To force this generation for cloud only users, it is required that the cloud only user change their password per:

Enable user accounts for Azure DS

which says:

The steps to generate and store these password hashes are different for cloud-only user accounts created in Azure AD versus user accounts that are synchronized from your on-premises directory using Azure AD Connect. A cloud-only user account is an account that was created in your Azure AD directory using either the Azure portal or Azure AD PowerShell cmdlets. These user accounts aren’t synchronized from an on-premises directory.

and most importantly:

For cloud-only user accounts, users must change their passwords before they can use Azure AD DS. This password change process causes the password hashes for Kerberos and NTLM authentication to be generated and stored in Azure AD.

After having this brought to my attention, I understand why this is but would also say this could be a very painful process if you have a lot of users that are wanting access to something like WVD.

Thus, another little configuration tip to remember if you are setting up a cloud only environment that utilises Azure AD Domain Services. Before users can potentially use services that are dependent on Azure AD Domain Services (like Windows Virtual Desktop) they need to change their password so the NTLM password hash can be generated for use by Azure AD Domain Services.

Ignite 2019 sessions on YouTube

Not everyone, including me, is able to get to Microsoft Ignite for various reasons. Microsoft, to their credit, live streams and records the sessions. Eventually, these sessions make their way onto YouTube which is my preferred viewing platform. However, what is missing is a catalogue of the links to each session.

image

As in previous years:

Ignite 2017 sessions on YouTube

Ignite 2018 sessions on YouTube

I have started building this index and making it available on my GitHub:

Ignite session 2019 on YouTube

Please note, all the session are not there as yet. I add them as I discover them along the way through the year.

Of course, if you have a link to a session that I don’t have up there yet, please send it along so I can add it and we can all benefit.

Thanks again to Microsoft for doing this and uploading the sessions to YouTube. They are a great source of learning and allows people like me would couldn’t get to Ignite the ability to work through the content.

Swapped “ and @ on keyboard

One day you are merrily typing away as you always have, and all of a sudden you find that what you typed is wrong. You retype it again and find that the key you press is not actually the key that appears! What the??

In my case the @ (SHIFT+2) was being replaced by “ (SHIFT+’).  Luckily, I remembered that this had happened before and involved the English pound (£) symbol.

SNAGHTML6446008

The reason is because I have 2 keyboards types installed on my desktop PC as you can see above. You can view your keyboards by selecting the language icon in the system tray which is next to the clock.

Once I re-selected the English (Australia) keyboard I was back in business with the correct keys.

image

Always wanting to know how this could happen, I received my answer when I moused over that same icon as shown above. The keyboard is swapped when you press the Windows key + space. I use the Windows key + another key on my keyboard all the time so I had obviously fat fingered the secret sequence to change the default keyboard! The things my subconscious does to try and distract me.

Hopefully, this helps someone else out because it can be very frustrating to solve the first time it happens.

That COG is pretty handy!

image

If you visit the page for your OneDrive for Business, you’ll notice a COG in the top right hand corner of the window as shown.

image

If you select that, you’ll see a menu like shown above. Select the OneDrive settings option as shown.

image

Here you’ll find a page with a whole lot more options. In this case select the option, Storage metrics as shown.

You should also note that there is a Run sharing report option as here well.

image

The Storage metrics option allows you to see a breakdown of the data storage in your OneDrive for Business as shown. You’ll also notice in the top right, the total and used capacity of your data.

image

You can drill further into directories by simply clicking on them. The above shows the data break down in the Documents directory below the OneDrive for Business home location.

Microsoft will also be adding more options to the COG over time so make you check there regularly.

Need to Know podcast–Episode 226

Although Brenton is still on holidays you’ll hear him interview Michelle Price from AustCyber in this episode, along with a few updates from the Microsoft Cloud from me.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-226-michelle-price/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Michelle Price

@contactbrenton

@directorcia

Introducing security defaults

Office What’s New Management Preview Updates Now Available

8 new ways to empower Firstline Workers and transform the way they work with Microsoft 365

Announcing Office Scripts (Preview)

Updated Microsoft Online Services Terms are available to our customers around the world

My podcasts – 2020

desk-music-headphones-earphones

Seems like I neglected to post my podcast preferences last year. You can find the previous selection here:

My podcasts 2018

I do spend a lot of time listening to podcasts, generally in between things, like travelling. However, there is a limit to how many you can consume in a week and that’s why I need to be very discerning about what I listen to.

Regulars

These podcasts are ones that I generally won’t miss an episode of.

Windows Weekly

The latest Microsoft news with some fun and entertainment along the way. Paul Thurrott’s musing make this podcast alone something worth listening to.

The Tim Ferriss Show

Some really great advice, business insights and strategy. Also lots of life lessons that I have found work really well for me. A weekly must listen for me.

Hardcore History

These tend to be quite long, like reading a book, but a very good and very interesting. Luckily, they are not that frequent, so it can make a nice change from all the tech stuff

The Intrazone

All the latest news and information about SharePoint, OneDrive for Business, Teams and more directly from Microsoft.

Currently evaluating

These podcasts I listen to frequently, but maybe not every episode. Some of these may eventually get cut from the roster. Anything here has to provide real business value for it to remain long term.

The Message Center Show

What has appeared in the Microsoft 365 message center. Many just for change notifications.

Microsoft Cloud Show

Tends to be somewhat developer focused but there is handy information here, once you get past some of the other stuff.

Microsoft Cloud IT Pro podcast

More for IT Pros and somewhat random in its content. Another podcast in which you have to get past stuff to get to the information.

O365Eh!

A rather Teams centric podcast, however it is short so a quick listen. Still not sure if it has long term value in my ears.

If I have time

There are simply not enough hours in a day to get through everything. These are great podcasts but I simply don’t have the time to listen to them regularly unfortunately.

Jocko Podcast

Probably too hard core for most. For me it is a great mix of military history and business mindset training. If you have a ‘fanatical’ tendency then give this one a listen.

The Kevin Rose Show

A bit like the Tim Ferriss podcast. Plenty of interesting and different stuff that always makes you think. Somewhat irregular episodes but I am still enjoying what I’m hearing.

Business wars

Interesting to get the story behind major business rivalries. More a ‘stage production’ than a podcast. Very enjoyable if you have the time.

Behind the Tech

Hosted by Microsoft’s Chief Technology Officer, Kevin Scott, it has lots of interesting guests and topics.


I churn through these mostly at 2x speed to allow me to get through as much content as possible. I do have a few other podcasts on my current podcasting app but I think they’ll soon be getting the cut. I am always on the lookout for good podcasts business, technology, history, whatever. So if you can recommend something you like, I’m all ears.

Finally, of course, there is my own podcasting effort:

Need to Know podcast

which covers the Microsoft Cloud (typically Office 365 and Azure) as well as business topics. I encourage you to have a listen and me know what you think. 2020 will be the tenth year that it has been available, which is a bit of milestone I must admit. Recently, I’ve started doing shorter, more focused FAQ episodes as well as the standard long form interview.

Hopefully, there is something of interest to you in what I listen to. Feel free to let me know as well as any recommendations you may have, as I said, I’m all ears!

My Tech Books – 2020

Tech is as much a lifestyle choice these days as it is a career. The geeks and nerds have risen to rule the world. Don’t believe me? Ask Bill Gates! Sometimes it is good to step back and take a wide look at how technology has changed the world we live in – for better and worse. My selection below I have found to be enjoyable and thought provoking in many different ways and I recommend them to everyone who is interested in tech.

There hasn’t been an change to this since last year. Good tech books are hard to come by it seems!

You can follow all the books, tech, business, non-fiction I read and want to read over at Goodreads where I have an account. You can also view my activity via:

https://www.goodreads.com/director_cia


1. Daemon – Daniel Suarez [Fiction]

A glimpse into the future of where drones and augmented reality may take us. That may not necessarily be a good place either.

2. Freedom TM – Daniel Suarez [Fiction]

A follow up to Daemon. What happens when technology dominates the world? Who benefits?

3. Ready Player One – Ernest Cline [Fiction]

Much like the Matrix. What is life like if you live inside the machine? You can be just about anyone you choose. I also love this book for all the retro technology that was part of my life. TRS-80 anyone? This book has become so popular that there is now a movie. Believe me, the book is better.

4. Future Crimes: Inside the Digital Underground and the Battle for our Connected World – Marc Goodman [Non-fiction]

Technology will ultimately doom us all I believe because we are building our world on stuff that unfortunately places a low regard for security and privacy. This book will show you why that is a road to ruination.

5. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon – Kim Zetter [Non-Fiction]

If you don’t believe cyber warfare is real then read this book to understand how software is now a weapon as potentially devastating as any nuclear device.

6. Beyond Fear: Thinking Sensibly about Security in an Uncertain World – Bruce Schneier [Non-Fiction]

Security is important but it is important in context. We need to be rational when we consider our security not emotional. A great level headed approach to how we need to be secure.

7. American Kingpin: The Epic Hunt or the Criminal Mastermind Behind the Silk Road – Nick Bilton [Non-Fiction]

An amazingly detailed book on the rise and fall of Ross Ulbricht, the creator of the Silk Road web site. In here are asked to think about whether technology plays something more than a neutral role in today’s world.

8. The Cuckoos Egg – Clifford Stoll [Non-Fiction]

Before the Internet was in the public sphere it existed in the world of academia. This is the story of how one man’s search for the source of an accounting error uncovered something are more sinister.

9. Takedown – John Markoff and Tsutomu Shimomura [Non-Fiction]

The pursuit and eventual capture of notorious hacker Kevin Mitnick makes for great reading.

10. Hackers: Heroes of the Computer Revolution – Steven Levy [Non-Fiction]

Ah, the good ole days when it was more about proving how smart you were than trying to actually cause harm. If you think hacking is something new, then you’re in for a surprise with this book