You may already know Azure Active Directory, which is used (at least) by Office 365 to manage users and groups, either synchronized from your own On Premises AD or managed directly in the cloud.

Now, Microsoft has announced Azure Active Directory Domain Services to deliver more complete AD services from the cloud, meaning you no longer have to deploy, configure and manage domain controllers in the cloud yourself (using a cloud virtual machine, for example).

Previously, this required a more complex On Premises architecture before you could deploy a cloud domain controller.

To take advantage of this new Azure AD service, you must have an Azure tenant (or an Office 365 tenant) and enable the Azure AD DS service.

Enable Azure AD DS service

  • Connect to your Azure tenant and access the Active Directory options to edit your existing directory or create a new one.

  • Access the Groups management option and create a new group called AAD DC Administrators (the name MUST be exactly this one) and add your administrator accounts as members.

  • Create an Azure Network (if you do not already have one); this network will be bound to the Azure AD DS service. I will not go through these steps as they are well documented everywhere.

  • Go back to the Active Directory section of the portal and Configure your directory.

  • Enable the Domain Services feature.

  • Select the DNS domain name and the Azure Virtual Network to use with this service. If you are using the Azure AD directory that backs your Office 365 tenant, you will automatically get ALL the domains associated with your Office 365 tenant. You can also type your own domain name.

  • At this stage, the provisioning process is initialized. This means Azure AD DS is being created and configured (some sort of DCPROMO on Azure) and is connecting to the selected Azure Network. It can take up to 60 minutes to complete. When the process is done, you should see 2 IP addresses.

  • Once completed, take note of the IP addresses shown and edit the Azure Virtual Network so that its DNS servers point to these IP addresses.

  • Activate the synchronization of legacy credential hashes, either by resetting the password of cloud user accounts or by activating password synchronization in Azure AD Connect.

You are ready to go and use your new Azure AD DS with your applications hosted on Azure (either VMs or cloud services). You are now able to join your Azure Virtual Machine to your On Premises AD. More use cases and scenarios are available here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-overview/#scenarios-and-use-cases
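The portal steps above that can be scripted (the exactly named AAD DC Administrators group, its members, and the Virtual Network DNS change) are repeated here as an added PowerShell example; it is not code from the original post. It assumes the AzureAD and Az.Network modules are installed, and the group members, VNet name, resource group and the two IP addresses are placeholders to replace with your own values.

```powershell
# Added example (not from the original post). Assumes the AzureAD and
# Az.Network PowerShell modules; all names and addresses below are placeholders.
$GroupName   = 'AAD DC Administrators'          # name MUST match exactly
$AdminUpns   = @('admin1@contoso.example', 'admin2@contoso.example')
$VNetName    = 'aadds-vnet'
$VNetRg      = 'aadds-rg'
$AaddsDnsIps = @('10.0.0.4', '10.0.0.5')         # the 2 IPs shown by the portal

Connect-AzureAD  | Out-Null
Connect-AzAccount | Out-Null

# 1. Create the administrators group only if it does not already exist.
$group = Get-AzureADGroup -Filter "DisplayName eq '$GroupName'"
if (-not $group) {
    $group = New-AzureADGroup -DisplayName $GroupName `
        -Description 'Delegated administration for Azure AD Domain Services' `
        -SecurityEnabled $true -MailEnabled $false -MailNickName 'AADDCAdministrators'
}

# 2. Add each administrator, skipping existing members so the script can be
#    re-run safely (and so membership of this privileged group stays explicit).
$members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
foreach ($upn in $AdminUpns) {
    $user = Get-AzureADUser -ObjectId $upn
    if ($members.ObjectId -notcontains $user.ObjectId) {
        Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
    }
}

# 3. Point the virtual network's DNS at the managed domain controllers.
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRg
if (-not $vnet.DhcpOptions) {
    $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
}
$vnet.DhcpOptions.DnsServers = $AaddsDnsIps
Set-AzVirtualNetwork -VirtualNetwork $vnet | Out-Null

# 4. Check: the DNS servers applied to the VNet must match the Azure AD DS IPs.
$applied = (Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRg).DhcpOptions.DnsServers
if (Compare-Object $applied $AaddsDnsIps) {
    Write-Warning "VNet '$VNetName' DNS servers do not match the Azure AD DS IP addresses"
} else {
    Write-Output "VNet '$VNetName' now resolves through $($applied -join ', ')"
}
```

The credential hash step is deliberately not scripted: it still requires a password reset for cloud user accounts or password synchronization in Azure AD Connect, as described in the step above.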