Azure AD user suddenly unable to log in to PC
Solution 1:
There is clearly a horrible bug in Windows Anniversary Update and Azure AD, because I have found other people online complaining of this exact problem. My colleague also had a related Azure AD-Join problem after the Anniversary Update, indicating it might be a TPM-related issue.
My solution in the end required the following steps:
- Using a recovery USB stick, enable the local admin account using regedit.
- Once logged into the desktop, create another temporary user account.
- With that user account "disconnect" the device from your Azure Domain.
- After PC restarts, connect device back to Azure Domain.
- Log off and log back in as one of your Azure Domain users.
- Follow the first-sign-on steps, including being offered to set up a PIN number.
- Note this will fail because of an error with the TPM - might be related to the original bug?
- "Enjoy" having access to your PC again
- Unfortunately it will have created a new user on disk "John_xyz" instead of "John" where everything used to be stored, and none of your settings or apps will remain. So basically you've got a clean install.
Very annoying, Microsoft.
Solution 2:
My customer had the exact problem. I was able to log in as a local administrator, and found out that the user had a Local Admin account with the same name as the Azure AD account.
Logging out as the local admin and signing in with the e-mail address of the Azure AD user solved the problem in this case.
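
A read-only check for the two conditions the answers above mention, the device's join/TPM state and a local account that shares the Azure AD user's name. This is an added example, not code from either answer; the function names and the UPN are hypothetical, and it assumes `dsregcmd` and `Get-LocalUser` are available on the machine.

```powershell
# Added diagnostic example. Function names are hypothetical; the UPN is a constructed placeholder.

function Get-JoinState {
    # Parse the "Key : Value" lines printed by `dsregcmd /status` into a hashtable.
    param([string[]]$StatusLines = (dsregcmd.exe /status))
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Find-LocalNameCollision {
    # Return local account names equal to the part of the UPN before '@'.
    # Local account names are case-insensitive, hence -ieq.
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [string[]]$LocalNames = (Get-LocalUser | Select-Object -ExpandProperty Name)
    )
    $prefix = ($UserPrincipalName -split '@')[0]
    $LocalNames | Where-Object { $_ -ieq $prefix }
}

$upn = 'john@example.com'   # constructed placeholder: use the affected user's sign-in address

# Join and TPM state as reported by the device itself (blank if the field is not printed).
$state = Get-JoinState
foreach ($key in 'AzureAdJoined', 'TpmProtected') {
    '{0,-14}: {1}' -f $key, $state[$key]
}

# Name collision described in Solution 2.
$hits = Find-LocalNameCollision -UserPrincipalName $upn
if ($hits) {
    "Local account '$hits' has the same name as $upn; sign in with the full e-mail address."
} else {
    "No local account shares a name with $upn."
}
```

Run it from a local administrator session; it changes nothing on the device.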