[Azure] Active Directory Domain Services

November 27, 2015 at 9:22 am in Azure, Azure Active Directory, Nano Server by Florent


Azure has released a new capability: using Active Directory directly in Azure, as if you had deployed a domain controller in a virtual machine. In fact, your Active Directory is stored in Azure and managed directly by Microsoft.

Azure AD DS is in Preview and is available (at the time of writing) in many regions: https://azure.microsoft.com/en-us/regions/

To implement this, I used the basic domain name onmicrosoft.com, but you can use a custom domain after verifying it. I also created a group named AAD DC Administrators (the name MUST be the same) for Domain Administrators and added some accounts to it. Now, create your Active Directory, go to Configure > Domain Services and click Yes. Choose the name for your domain and the network the AD will be connected to (Azure will create 2 ADs for HA):


After around 30 minutes, you will be able to see the first AD IP address; the second address will appear afterwards:


Take these 2 IP addresses, go to your virtual network and click Configure. Here, enter the 2 IP addresses as the DNS servers:


If you want to administer this AD with the GUI, it’s possible. Deploy a VM that will be joined to the Azure AD domain and install the Group Policy Management and AD DS Tools features.
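The VM preparation described above can be scripted and checked at each step. The following PowerShell is an added example, not part of the original post: the domain name and the two DNS addresses are placeholders, it assumes a Windows Server VM in the same virtual network, and the RSAT-AD-PowerShell feature is an addition used only for the final membership audit.

```powershell
# Added example: prepare a management VM for the Azure AD DS managed domain.
# Placeholder values (assumptions), replace them with your own.
$DomainName  = 'contoso.onmicrosoft.com'   # placeholder managed domain name
$ExpectedDns = @('10.0.0.4', '10.0.0.5')   # placeholder: the 2 IP addresses shown in the portal

# 1. Confirm the VM uses the managed domain's DNS servers from the virtual network.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses -Unique
$missing = $ExpectedDns | Where-Object { $_ -notin $dns }
if ($missing) {
    throw "DNS servers not set on this VM: $($missing -join ', '). Check the virtual network DNS configuration."
}

# 2. Confirm the domain controllers are discoverable through those DNS servers.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port

# 3. Join the domain with an account that is a member of AAD DC Administrators.
#    The VM restarts; run the script again afterwards to continue with step 4.
if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    $cred = Get-Credential -Message "Account that is a member of 'AAD DC Administrators'"
    Add-Computer -DomainName $DomainName -Credential $cred -Restart
    return
}

# 4. Install the two features named in the post (AD DS Tools, Group Policy Management).
#    RSAT-AD-PowerShell is added here only for the audit in step 5.
Install-WindowsFeature -Name RSAT-ADDS, GPMC, RSAT-AD-PowerShell

# 5. Audit who holds administrative rights on the managed domain.
Import-Module ActiveDirectory
Get-ADGroup -Filter "Name -eq 'AAD DC Administrators'" |
    Get-ADGroupMember |
    Select-Object Name, SamAccountName, objectClass
```

Reviewing the output of step 5 regularly is worthwhile, since every account in that group administers the managed domain.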

Launch the Active Directory Users & Computers console. You will be able to manage your accounts here (users, groups and computers) with some limitations (create an object, etc.):


You can do the same with the group policy console, but here, you will be able to create/delete/modify GPOs.

This is very useful for a startup that wants to use Office 365 with an AD but doesn’t have a server to host its AD.

As for the price, expect around 32€/month for fewer than 5000 objects in your AD (Users, Groups & Computers): https://azure.microsoft.com/en-us/pricing/details/active-directory-ds/