1. You were unable to RDP to the Azure VM “dc-sbs-01”, encountering the error “To sign in remotely, you need the right to sign in through Remote Desktop Services.  By default, members of the Administrators group have this right.  If the group you're in doesn’t have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.”.

2. I have shared with you that this happens when the user that is trying to login using RDP, is not part of the local group Remote Desktop Users on the machine. By default, any machine will allow to RDP users that belongs either the Administrators or Remote Desktop Users local groups. So, it is possible that someone by mistake have changed that.

3. To mitigate the issue, we started by accessing Serial Console. Please find below the steps we followed to launch the CMD instance to interact with the VM:

1. In the Azure portal, on the VM blade, we clicked on “Serial Console”, under “Support + troubleshooting”. 
2. After connecting to the console of the VM, you typed “cmd” to start the channel. You also got the name of the channel. 
3. You switched to the channel running the CMD instance, by typing “ch -si 1”.
4. Once you hit enter, it switched to that channel. You hit a second time and it asked for user, domain and password.
5. After adding valid credentials, the CMD instance opened and we could interact with the VM.

4. Since this VM is a domain controller, we added the domain user to the Remote Desktop Users group by running the below command:

net localgroup administrators domainname\username /add

5. After this, and without the need for reboot, you were successfully able to connect to the VM via RDP.