How to add Azure Win2016 VM to Azure AD that comes with Office 365 tenant


  • OK, Azure newbe here....

    I created an Office 365 tenant, for a small NGO. Several users created, domain added mail flowing etc. all fine.

    No connection to local AD, because we don't have any, no central network, no AD etc.

    The only AD we have is the (light?) AD that comes with the Office 365 tenant.

    Now I created a Win2016 VM that I'd like to add to the AD that comes with the Office 365 tenant.

    Is that possible without adding the full Azure Active Directory to my tenant? We'd prefer not to use the full Azure Active Directory since only servers will be added, no workstations, we don't need group polices since no workstation will be added (user are using their private home machines to connect to our Office 365 tenant...
    We just want to add the Win2016 VM to the domain to provide access for some of our Office 365 tenant users.



    Friday, March 10, 2017 9:05 PM

All replies

  • What comes with O365 is Azure AD, which is very different from 'traditional' AD. There are no domain controllers, OUs, GPOs, domain join operations, etc. Take a look at Azure AD Domain services instead:
    Saturday, March 11, 2017 9:41 AM
  • Hello,

    what do you mean by "full" Azure AD.

    You already have an AzureAD with all Free/Basic features behind your O365. This can only be extended by additional features that require additional licenses like AAD Premium P1 or P2. But as Vasil already stated that has nothing to do with GPOs, traditional domain joins and other parts you are familiar with from the onPrem AD.

    Beside the fact of the familiar name Active Directory, Azure AD is completly different in most cases.

    But with the link Vasil mentioned you can "simulate" an regular AD from data of your AAD.

    You will get a Domain / or DC as a service, so think of DCaaS. Bit this service is mainly to migrate OnPrem Applications that cannot be modified to work directly with AAD and be able to bring them to the cloud.

    These DC and the Domain behind are limited in some way for example of schema extensions or GPOs

    You can always create a real Domain as VMs in IaaS.

    But in your case it might be both not the solution you want, what is your corrent intend to joint the server to a domain, if you dont need GPO and users client will also not join ?


    Peter Stapf - ExpertCircle GmbH - My blog:

    Saturday, March 11, 2017 2:41 PM