Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Deploying Azure Active Directory Domain Services (AADDS)

  • August 13, 2019
  • 8 min read
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.


Azure AD Domain Services (AADDS) is a great service that allow you to deploy a managed domain in your Azure subscription. One of the great things is that you don’t need to deploy Virtual Machines in order to install the ADDS role. It means that you also don’t need to manage the AADDS servers, and you don’t need to patch the domain controllers.

The following diagram published on the Microsoft website, describes the AADDS architecture:

AADDS architecture

In this example, the AADDS service is deployed for cloud-only organizations. You must deploy a Virtual Network and a dedicated subnet within it. Microsoft recommends to not deploy any other virtual machines in this subnet and this subnet must have at least 5 available IP addresses in its address space. When, you deploy the AADDS service, it will create two Domain Controllers in this subnet.

Enable Azure AD Domain Services

Go to the Azure portal, in the left pane, click Create a resource. Then, type Domain Services into the search bar. On the Azure AD Domain Services page, click the Create button.

Azure AD Domain Services page

Configure the AADDS basic settings

In the new blade, you must enter the following information:

  • DNS Domain name: By default, the wizard specifies the default domain name of the directory but you can enter a custom domain name. In my case, I use my default domain name.
  • Subscription: Azure Subscription in which you would like to create the managed domain.
  • Resource Group: The Resource Group where the managed domain will be created.
  • Location: The Azure location where the managed domain will be located.

Configure the AADDS basic settings

Configure the AADDS network settings

On the Network page, you should see all existing virtual networks. In my case, I choose a dedicated VNet:

Configure the AADDS network settings

This dedicated VNet was created using the following settings:

VNet was creating

Configure the AADDS Group Sync

In the new blade that appears, you will notice that a new group named “AAD DC Administrators” has been created. This group allows you to manage your domain. So, you must add a user to this group in order to manage your domain.

Configure the AADDS Group Sync

Next, you must choose if you want a full synchronization of all users and groups available in Azure AD, or you can select scoped synchronization to synchronize only specific groups. Be careful, because, if you choose the full synchronization, you will not be able to switch to scoped synchronization at a later time.

Synchronization

On the Summary page of the wizard, review the configuration before creating the AADDS domain.

AADDS domain

The process of provisioning your managed domain can take up to an hour.

The process of provisioning your managed domain

Once the provisioning is done, you can see that the AADDS service is Running.

AADDS service is Running

On the Properties tab, you should see two IP addresses at which domain controllers are available for the virtual network.

Properties - IP adresses

Configure the AADDS DNS Settings

To finish the deployment process, you must enable computers within the virtual network to connect to this AADDS instance. Click Configure to update the DNS server settings for the VNet. Be careful, Virtual Machines in the VNet only get the new DNS settings after a restart.

Configure the AADDS DNS Settings

A warning message will appear in order to indicate that DNS servers have been configured.

DNS servers have been configured

Now, we need to deploy a Virtual Machine in order to join the AADDS domain.

Deploy a Virtual Machine

You will be prompted to enter the name and password of the account who is member of the “AAD DC Administrators”.

Name/domain AAD DC Administrators

In order to manage the AADDS domain, you must install the ADDS MMC. The domain can only be managed using the classic MMC from a domain join machine. You cannot manage the domain from the Azure portal. You can notice that two Domain Controllers are created in the domain.

Install the ADDS MMC

You can see domain joined computers.

Domain joined computers

To finish, you can also manage users and groups from the MMC.

Manage users and groups from the MMC

Hey! Found Nicolas’s insights useful? Looking for a cost-effective, high-performance, and easy-to-use hyperconverged platform?
Taras Shved
Taras Shved StarWind HCI Appliance Product Manager
Look no further! StarWind HCI Appliance (HCA) is a plug-and-play solution that combines compute, storage, networking, and virtualization software into a single easy-to-use hyperconverged platform. It's designed to significantly trim your IT costs and save valuable time. Interested in learning more? Book your StarWind HCA demo now to see it in action!