Having most of the restored machines disconnected from their domain with broken trust relationship and NLA can be a problem as there is no console connection like in your standard Hyper-V or VMWare solutions. You can't just use a console and fix it manually. Therefore even if you have your old or new password, you still can't log in to the machine. One, because NLA (Network Level Authentication) will prevent it, and two, even if you have disabled NLA the newly reset password on Domain Controller will never reach that machine. You can, of course, use the feature provided by Azure to reset your local RDP password which will create a new user or will reset a password for existing one but with NLA enabled you can't log in even with local administrator. So you have to find a way to remove it first. Removing NLA is simple. Just one line of PowerShell changing one entry in the registry and you're done.