I’m currently in the process of setting up RDS using Server 2016 on a bunch of VMs in Azure where I frequently run into the problem of users (synced from on-prem) who are locked out and thus unable to set up their RD client connections.
When I look up the user accounts in Active Directory Users and Computers from within one of the Azure VMs, I can see that the user account is locked out, but even as a member of the AAD DC Administrators group, the unlock box is greyed out. These same users do not show up as locked on the on-premises AD, which I thought was supposed to be synced with AD Connect.
I believe we have Azure Active Directory Domain Services installed, and I’ve been reading about password writeback, but being new to Azure it is unclear to me what I need to configure in order to achieve this.
How can I easily unlock these users myself?