
The referenced account is currently locked out and may not be logged on to.


You may receive this error after creating your Azure AD DS instance, when you try to join your Azure server to the newly created domain.

There are a few options to test so that you can sign in and complete the Azure AD DS domain join process.

You can try any of the following:

Legacy login format: DOMAIN\USERNAME

For example, if your username is John@thatlazyadmin.onmicrosoft.com, your login will be thatlazyadmin.onmicrosoft.com\john

If the above does not work for you, try the following: after creating your Azure AD DS instance, you will have to reset your password.

For cloud-only user accounts, users must change their passwords before they can use Azure AD DS. This password change process causes the password hashes for Kerberos and NTLM authentication to be generated and stored in Azure AD. The account isn’t synchronized from Azure AD to Azure AD DS until the password is changed. Either expire the passwords for all cloud users in the tenant who need to use Azure AD DS, which forces a password change on next sign-in, or instruct cloud users to manually change their passwords.

Once the password for the user has been changed, you can attempt to join the domain again.
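The steps above, put together as an added PowerShell example (this is not code from the original post). It assumes the Microsoft Graph PowerShell SDK is installed for the "force a password change" step, the RSAT ActiveDirectory module for the optional lockout check, and that the server can resolve the managed domain; the domain name and username are the sample values used in this post, so replace them with your own.

```powershell
# Added example, not part of the original post. Walks through the sign-in
# options described above and then retries the Azure AD DS domain join.
# Assumptions: Microsoft.Graph module (Update-MgUser), optional RSAT
# ActiveDirectory module (Search-ADAccount), and network reachability to the
# managed domain from this server.

param(
    [string]$Upn        = 'John@thatlazyadmin.onmicrosoft.com',  # sample value from the post
    [string]$DomainName = 'thatlazyadmin.onmicrosoft.com'        # sample managed domain from the post
)

# 1. Build the legacy DOMAIN\USERNAME logon from the UPN, e.g.
#    John@thatlazyadmin.onmicrosoft.com -> thatlazyadmin.onmicrosoft.com\john
function ConvertTo-LegacyLogon {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user, $domain = $UserPrincipalName.Split('@', 2)
    return ('{0}\{1}' -f $domain, $user.ToLowerInvariant())
}

# 2. For a cloud-only account, flag the password as "must change at next sign-in".
#    The change generates the Kerberos/NTLM hashes in Azure AD so the account
#    can be synchronized into Azure AD DS. Requires a role that can update users.
function Set-ForcePasswordChange {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null
    Update-MgUser -UserId $UserPrincipalName -PasswordProfile @{
        ForceChangePasswordNextSignIn = $true
    }
}

# 3. Optional diagnostic: list accounts the managed domain currently reports as
#    locked out, so you can confirm whether the join failure is really a lockout.
#    Needs the RSAT ActiveDirectory module and a credential valid in the domain.
function Get-LockedOutAccounts {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    Search-ADAccount -LockedOut -Server $DomainName -Credential $Credential |
        Select-Object SamAccountName, LockedOut, LastLogonDate
}

# 4. Retry the join using the legacy logon name. Add-Computer prompts for the
#    (newly changed) password and reboots the server once the join succeeds.
function Join-ManagedDomain {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    Add-Computer -DomainName $DomainName -Credential $Credential -Restart -Force
}

$legacy = ConvertTo-LegacyLogon -UserPrincipalName $Upn
Write-Host "Legacy logon to try: $legacy"

# Uncomment for a cloud-only user who has not changed their password since the
# managed domain was created (see the Microsoft guidance quoted above).
# Set-ForcePasswordChange -UserPrincipalName $Upn

$cred = Get-Credential -UserName $legacy -Message "Password for $legacy"

# Uncomment to check for lockouts before retrying the join (requires RSAT).
# Get-LockedOutAccounts -DomainName $DomainName -Credential $cred

Join-ManagedDomain -DomainName $DomainName -Credential $cred
```

Run it from an elevated PowerShell session on the server you are joining; the password-change and lockout-check steps are commented out so you can enable only the one that applies to your situation.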


In the next article we will look at how to create GPOs (Group Policies) using Azure Active Directory Domain Services.

Microsoft is aware of the known account lockout challenges with Azure AD DS; you can view the FAQ here: Troubleshoot account lockout in Azure AD Domain Services | Microsoft Docs


Published in: Azure, Azure Active Directory Domain Services
