Azure AD Domain Joining

  • Question

  • Hello All. If I create a VM in a Resource Group, would I be able to join it to the Azure AD Domain?

    Thursday, September 28, 2017 7:13 PM

All replies

  • Refer to the links below to join an Azure VM to AAD:

    Join a Windows Server virtual machine to a managed domain

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/90212c19-6a93-414e-88cc-34f8fcf2c6d3/join-azure-vm-to-azure-active-directory?forum=WAVirtualMachinesforWindows

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.


    • Proposed as answer by vikranth s Thursday, September 28, 2017 7:57 PM
    Thursday, September 28, 2017 7:57 PM
  • Thanks for the reply.

    So, you are basically confirming that with Azure AD, we cannot join a VM.

    And that we would require Azure AD Domain Service which would allow us to join the VM to the Domain which is hosting our user accounts?

    Kindly confirm.

    Friday, September 29, 2017 12:07 PM
  • Yes, you need to activate domain services to make use of features like domain join. This will also give you access to some GPO and DNS functionality. 

    Don't forget, currently domain services can only be activated using a classic vnet (it's available in preview in ARM). So if you want to deploy an ARM VM, you can peer the classic to the ARM vnet to make use of domain services. You must enable the domain services IPs as DNS in both vnets. More on this at these links:

    DS network considerations - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started-network#task-2-configure-network-settings

    Vnet peer - https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

    Joe

    • Proposed as answer by Joe Carlyle Friday, September 29, 2017 1:50 PM
    Friday, September 29, 2017 1:50 PM
  • Thanks for the reply.

    So, if the subscription that I am using has (abc.com) defined as Microsoft Azure AD, even then I can go ahead and create Azure AD Domain Services with xyz.com and utilize this domain for authentication for applications, etc. Kindly confirm.

    Actually, my scenario is that I have built a Development Environment where everything is isolated from Production Resources. So, I plan to create a separate Resource Group and put all the resources together for the Development Environment there. My problem has been Active Directory. I want this environment to have its own Active Directory domain such as xyz.com instead of abc.com, which is the default Azure AD Domain of my subscription.

    I hope I have explained it well. Please suggest. Thanks in advance.

    Tuesday, October 3, 2017 7:47 PM
  • Hi,

    There are two limitations. It must be a custom domain that you have added and verified to your tenant.

    It cannot be a domain that is already running as the domain name as part of classic domain services in the same vnet. So if you have a DC for xyz.com running DS in a vnet, you could not use Azure DS in that network. 

    I don't think the second will apply based on what you want to put in place, but the first will!

    Joe

    Thursday, October 5, 2017 8:24 AM