S2S tunnel with Azure Active Directory Domain services VNET and On-prem VNET


  • Hi , In our enterprise we use only AAD. There is no on-prem AD. For domain services we are using the AAD domain services.

    We are in a situation where we have to set up physical servers in a Data Center due to certain licensing requirement. No other option available. 

    How do we leverage the managed domain in Azure?

    Is it possible to to have a S2S  VPN tunnel between the Azure domain service vnet and On-prem vnet ? If tunneling is possible will I be able to join the on-prem  servers to the AAD Domain service domain?.  

    Note: I dont want to take the option of setting up Local AD and DC for the on-prem server footprints. Dir sync is also not possible because as an enterprise we don't have on-prem AD and dont want to create one just for the above scenario.

    Thank You


    Tuesday, April 11, 2017 6:15 PM

All replies

  • Yes. This will work. Standard way to connect the networks and ensure that your routing/firewall rules allow connection between a member server (your server in the local data center) and Azure AD Domain Services that lives in the Azure Network. See for information on protocol/ports. 

    Also link to connecting networks


    //Sam (@MrADFS)

    Thursday, April 13, 2017 4:12 PM