
How does Azure AD DS work?


In this post I will describe how to add Azure Active Directory Domain Services to your tenant using the Azure portal.

Before we begin, let’s talk a little bit about Azure Active Directory Domain Services.

Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.

How does Azure AD DS work?

When you create an Azure AD DS managed domain, you define a unique namespace. This namespace is the domain name. Two Windows Server domain controllers (DCs) are then deployed into your selected Azure region. This deployment of DCs is known as a replica set.

You don’t need to manage, configure, or update these DCs. The Azure platform handles the DCs as part of the managed domain, including backups.

Azure AD DS features and benefits

  • Simplified deployment experience: Azure AD DS is enabled for your Azure AD tenant using a single wizard in the Azure portal.
  • Integrated with Azure AD: User accounts, group memberships, and credentials are automatically available from your Azure AD tenant. New users, groups, or changes to attributes from your Azure AD tenant or your on-premises AD DS environment are automatically synchronized to Azure AD DS.
  • Use your corporate credentials/passwords: Passwords for users in Azure AD DS are the same as in your Azure AD tenant. Users can use their corporate credentials to domain-join machines, sign in interactively or over remote desktop, and authenticate against the managed domain.
  • NTLM and Kerberos authentication: With support for NTLM and Kerberos authentication, you can deploy applications that rely on Windows-integrated authentication.
  • High availability: Azure AD DS includes multiple domain controllers, which provide high availability for your managed domain. This high availability guarantees service uptime and resilience to failures.

Now let’s start the implementation:

  1. Log in to the Azure portal.
  2. Create a new resource group, then click Review + create.
  3. Search for "Azure AD DS" and choose Azure AD Domain Services.
  4. Click Add.
  5. Choose the subscription and resource group.
  6. After filling in the required fields, click Next. Here I chose to create a new subnet to deploy the AD DS into.
  7. Add more administrators if needed, or accept the default, then click Next.
  8. Accept the defaults, then press Next.
  9. After validation completes, press Create.
  10. Press OK to start creating Azure AD Domain Services. It might take an hour to finish.
  11. Click View health.
Now let’s create a VM in the same VNet and try to join it to Azure AD DS:

  1. From the home page, click Create a resource.
  2. Choose Compute, then select Virtual machine.
  3. Fill in the required fields, then click Next.
  4. On the Disks page, accept the defaults, then click Next.
  5. On the Networking page, accept the defaults, then click Review + create.
  6. Click Create. After creation completes you will be able to connect to your VM.
  7. Click Connect > RDP.
  8. Click Download RDP file, then connect to the created VM using the credentials you supplied in the creation wizard.

Now let’s try to join the domain:

  1. Click the computer name, then click Change, and try to join the managed domain.
  2. This fails because Azure AD DS authenticates users with the legacy NTLM and Kerberos password hashes, and for a cloud-only account those hashes are not available until the account’s password is changed.
  3. To solve this issue, go back to Azure Active Directory in the portal, click Users, choose the user you tried to join with, and click Reset password.
  4. In a private browser window, sign in as that user and update the password, then wait for 30 minutes.
  5. Now try to join the domain again using the new password.
  6. After restarting, you will be able to log in using the domain user.
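The domain-join step above, as an added PowerShell example that is not part of the original post: run from an elevated session on the VM, it first checks that the managed domain resolves through the VNet DNS and that Kerberos and LDAP are reachable on every DC in the replica set, then performs the join. The domain name and user account are placeholders you must replace with your own values.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Azure VM created above.
# PLACEHOLDERS (replace with your own values): the managed domain name and the
# user account below are assumptions, not values from the post.
$ManagedDomain = 'aaddscontoso.com'            # placeholder: your Azure AD DS domain name
$JoinUser      = "$ManagedDomain\joinadmin"    # placeholder: a synced Azure AD user

# 1. The VM must resolve the managed domain via the VNet's DNS settings.
#    If this throws, the VNet DNS servers do not point at the managed domain's DCs.
$dcs = Resolve-DnsName -Name $ManagedDomain -Type A -ErrorAction Stop
$dcs | Select-Object Name, IPAddress

# 2. Kerberos (TCP 88) and LDAP (TCP 389) must be reachable on each DC.
foreach ($dc in $dcs.IPAddress) {
    foreach ($port in 88, 389) {
        $result = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        "{0}:{1} reachable = {2}" -f $dc, $port, $result.TcpTestSucceeded
    }
}

# 3. Join the managed domain. An invalid-credential error for a cloud-only
#    account means its NTLM/Kerberos hashes have not been generated yet:
#    reset the user's password in Azure AD (as described above), wait for
#    synchronization, and run the join again.
$cred = Get-Credential -UserName $JoinUser -Message 'Managed domain credentials'
Add-Computer -DomainName $ManagedDomain -Credential $cred -Restart -Force
```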




About the Author

In 2001 Mohamed Farouk graduated from Sadat Academy for Management Sciences (major: Computer Science) in Egypt. Mohamed is a determined, solutions-focused information technology professional with a career spanning 18+ years, including experience in the configuration, installation, upgrade, security, maintenance, integration, support, and monitoring of business-critical applications, databases and systems in SQL Server, Oracle and Microsoft Azure environments. He is an experienced project leader committed to maintaining cutting-edge Azure technical skills and up-to-date industry knowledge, with strong design skills and a superb attitude when working independently or with a team of experts.
