Azure AD user suddenly unable to login to PC

Solution 1:

There is clearly a horrible bug in Windows Anniversary Update and Azure AD, because I have found other people online complaining of this exact problem. My colleague also had a related Azure AD-Join problem after Anniversary update, indicating it might be a TPM-related issue.

My solution in the end required the following steps:

  1. Using a recovery USB stick, enable the local admin account using regedit.
  2. Once logged into the desktop, create another temporary user account.
  3. With that user account, "disconnect" the device from your Azure domain.
  4. After the PC restarts, connect the device back to the Azure domain.
  5. Log off and log back in as one of your Azure domain users.
  6. Follow the first-sign-on steps, including being offered to set up a PIN number.
    • Note: this will fail because of an error with the TPM; it might be related to the original bug?
  7. "Enjoy" having access to your PC again.
    • Unfortunately, it will have created a new user on disk, "John_xyz", instead of "John", where everything used to be stored, and none of your settings or apps will remain. So basically you've got a clean install.

Very annoying, Microsoft.

Solution 2:

My customer had the exact problem. I was able to log in as a local administrator and found out that the user had a local admin account with the same name as the Azure AD account.

Logging out as the local admin and signing in with the e-mail address of the Azure AD user solved the problem in this case.
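The two answers point at two different things to check before resorting to a disjoin/rejoin: whether the device is still Azure AD joined, whether a local account carries the same name as the Azure AD user (Solution 2), and whether the TPM the PIN setup depends on is actually ready (Solution 1, step 6). The following is an added, read-only PowerShell script that is not part of either answer; it only reports state and makes no changes. It assumes an elevated PowerShell session, `dsregcmd.exe` (Windows 10 1607 or later), the built-in `Get-LocalUser` and `Get-Tpm` cmdlets, and a placeholder UPN such as `john@contoso.com`.

```powershell
# Added example (not from the original answers): read-only checks for the
# situation described on this page. Nothing here modifies the device.

function Get-AzureAdJoinState {
    # dsregcmd /status prints "Key : Value" lines; keep only the join-related ones.
    $lines = & dsregcmd.exe /status 2>$null
    $state = @{}
    foreach ($line in $lines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined|TenantName|DeviceId)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Find-ConflictingLocalAccount {
    param(
        # Placeholder UPN; replace with the user who cannot sign in.
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )
    $prefix = $UserPrincipalName.Split('@')[0]
    # Solution 2: a local account whose name equals the UPN prefix shadows the
    # Azure AD user at the sign-in prompt. Profiles created by Azure AD sign-in
    # get a different on-disk name (e.g. "John_xyz"), so an exact match is the
    # suspicious case.
    Get-LocalUser | Where-Object { $_.Name -ieq $prefix } |
        Select-Object Name, Enabled, LastLogon, Description
}

function Get-TpmReadiness {
    # Solution 1, step 6: PIN enrolment fails when the TPM is not ready.
    try {
        Get-Tpm | Select-Object TpmPresent, TpmReady, TpmEnabled, TpmActivated
    } catch {
        [pscustomobject]@{ TpmPresent = $false; TpmReady = $false; TpmEnabled = $false; TpmActivated = $false }
    }
}

function Test-AzureAdSignInReadiness {
    param([Parameter(Mandatory)] [string] $UserPrincipalName)

    $state     = Get-AzureAdJoinState
    $conflicts = @(Find-ConflictingLocalAccount -UserPrincipalName $UserPrincipalName)
    $tpm       = Get-TpmReadiness

    $advice =
        if ($state['AzureAdJoined'] -ne 'YES') {
            'Device is not Azure AD joined; re-join from Settings > Accounts > Access work or school.'
        } elseif ($conflicts.Count -gt 0) {
            'Local account with the same name exists; sign out of it and sign in with the full e-mail address (UPN), or rename/disable the local account.'
        } elseif (-not $tpm.TpmReady) {
            'TPM is not ready; PIN setup will fail until it is initialised.'
        } else {
            'No join, name-conflict or TPM problem found; check the Microsoft-Windows-User Device Registration/Admin event log.'
        }

    [pscustomobject]@{
        AzureAdJoined        = $state['AzureAdJoined']
        TenantName           = $state['TenantName']
        ConflictingLocalUser = ($conflicts.Name -join ', ')
        TpmReady             = $tpm.TpmReady
        Recommendation       = $advice
    }
}

# Usage (placeholder UPN):
Test-AzureAdSignInReadiness -UserPrincipalName 'john@contoso.com' | Format-List
```

Run it from the local administrator session you used to get back onto the machine. If `ConflictingLocalUser` is populated, Solution 2 applies and no disjoin is needed; if `AzureAdJoined` is `NO`, the device has dropped its join and the rejoin in Solution 1 is the relevant path.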