Active Directory administrative tools - Users can't login


I needed to have a custom OU (long story, but it is to integrate a legacy app with Azure AD that uses LDAP to look for users in specific OUs). So I added the custom OU using the Active Directory remote administrative tools, following the advice in the Microsoft document.

I have added the custom OUs and added users into them; so far so good.

The only issue is that I can't log in with any users added through the VM. When I try to log in to Azure I get this error: "This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin."

Any ideas why this is the case? Is this by design?

Or maybe I am not entering something that is required. (Although the domain and all the details match, and the user is added to the Domain Users group.)


When you add custom OUs in Azure AD Domain Services (AAD DS), there are limitations on objects added to those custom OUs, such as exactly what you mentioned: those users are not available in Azure AD, only to the AAD DS-connected devices. It's like a local domain user.

https://learn.microsoft.com/en-us/azure/active-directory-domain-services/create-ou#custom-ou-considerations-and-limitations

User accounts, groups, service accounts, and computer objects that you create under custom OUs aren't available in your Azure AD tenant.
These objects don't show up using the Microsoft Graph API or in the Azure AD UI; they're only available in your managed domain.
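
A way to see which accounts are affected by the limitation quoted above, as an added example that is not part of the original answer or of Microsoft's documentation. It assumes a management VM joined to the managed domain with the RSAT ActiveDirectory module installed, and that `AADDC Users` is the built-in OU holding accounts synchronized from Azure AD; the function name `Get-ManagedDomainUserOrigin` is hypothetical.

```powershell
# Added example: classify users in an Azure AD DS managed domain by where they live.
# Accounts under "OU=AADDC Users" are synchronized from the Azure AD tenant;
# accounts anywhere else (custom OUs included) exist only in the managed domain
# and cannot sign in to Azure AD.
Import-Module ActiveDirectory

function Get-ManagedDomainUserOrigin {
    param(
        # Assumption: default name of the built-in OU for synchronized users.
        [string]$SyncedOuName = 'AADDC Users'
    )

    $domainDn = (Get-ADDomain).DistinguishedName
    $syncedSuffix = ",OU=$SyncedOuName,$domainDn"

    Get-ADUser -Filter * -Properties whenCreated | ForEach-Object {
        $dn = $_.DistinguishedName
        # Parent container = everything after the first unescaped comma of the DN.
        $parent = ($dn -split '(?<!\\),', 2)[1]
        $isSynced = $dn.EndsWith($syncedSuffix, [System.StringComparison]::OrdinalIgnoreCase)

        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            UserPrincipalName = $_.UserPrincipalName
            ParentContainer   = $parent
            Origin            = if ($isSynced) { 'SyncedFromAzureAD' } else { 'ManagedDomainOnly' }
            Enabled           = $_.Enabled
            WhenCreated       = $_.whenCreated
        }
    }
}

$users = Get-ManagedDomainUserOrigin

# Per-container summary: how many accounts in each container are domain-only.
$users |
    Group-Object ParentContainer, Origin |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Detail for the accounts that will fail Azure AD sign-in.
$users |
    Where-Object Origin -eq 'ManagedDomainOnly' |
    Sort-Object ParentContainer, SamAccountName |
    Format-Table SamAccountName, UserPrincipalName, ParentContainer, Enabled, WhenCreated -AutoSize
```

Accounts reported as `ManagedDomainOnly` under a custom OU are the ones that can authenticate over LDAP or on domain-joined machines but not against Azure AD.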