So we have Azure AD synced with our on-premise domain. We have an Azure SQL Server configured with the Active Directory admin. We also have a non-Azure SQL Server running on a virtual machine in Azure that is domain joined to this same domain. The following are the results of using the various authentication mechanisms offered by SQL Management Studio (SSMS). Can someone explain why the failures occur with the various options that should be supported?
Facts about environment:
- Passthrough authentication is the sign-in method configured on AD Connect
- Password hash sync is also enabled so password hashes are stored in Azure AD
- Azure SQL is configured with Active Directory admin
- Latest version of SSMS was downloaded when performing these tests
- On-premise account was used to test all scenarios
Domain joined client connecting to Azure SQL from SSMS:
- Active Directory Password (PASS)
- Active Directory Universal (PASS)
- Windows Integrated (FAIL - not supported by Azure SQL)
- Active Directory Integrated (FAIL – see error below)
Failure when client is standard domain joined client
Failure when client is Azure domain joined client
Domain joined client connecting to non-Azure SQL hosted on same domain:
- Active Directory Integrated (PASS)
- Windows Integrated (PASS)
- Active Directory Password (FAIL – Login failed for user ‘’)
- Active Directory Universal (FAIL – Login failed for user ‘’)