1 vote

I've set up Azure AD Domain Services in a VNet and already have a Windows 10 VM there. The DNS settings of the VNet were already updated successfully as well.

I would like to administer the domain with a specific account, "adadmin", which I created in my default Azure AD, i.e. [email protected]. I added the account to the "AAD DC Administrators" group. However, I am unable to use the account to join machines to the managed AD domain.

My understanding is that creating the account after activating the domain services should allow creation of the NTLM hashes so the accounts can be used to manage the domain resources. Has anyone encountered this issue during domain provisioning?

1
Can you ping that domain name in that VM? – Jason Ye
Yes, I was able to ping the domain and use nslookup to look up SOA records for the AAD DS. The issue here is that I do not think the account sync happened between AAD and AAD DS. – Roman
Since then, I have re-created the AAD DS, making sure that the name matches. Then a change of password seems to fix the issue. When I have some bandwidth, I'll try to re-create this in my company's MSDN subscription scenario to validate that customizing the name was indeed preventing me from synchronizing the accounts. – Roman
Glad to hear that your issue has been resolved :) I will add your solution to my answer, please check it. – Jason Ye

1 Answer

1 vote

My understanding is that creating the account after activating the domain services should allow creation of the NTLM hashes so the accounts can be used to manage the domain resources.

You are right: we can use the members of the AAD DC Administrators group to join machines to the managed domain. For more information, refer to this link.

After you add users to that group, you should wait about 5 minutes and flush this machine, then use this account to add this machine to AAD DS.

Note:
Close System Properties and re-open it, then use this account to join the domain.

For more information about joining a Windows Server VM to AAD DS, please refer to this link.


Update:

As Roman said, re-creating the AAD DS and changing the password fixed this problem.
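The procedure described in the answer and in Roman's follow-up (add the account to AAD DC Administrators, reset its password so the managed domain gets usable credential hashes, wait for the sync, then join the VM), written out as an added PowerShell example that is not part of the original post. It assumes the AzureAD PowerShell module is installed on the admin workstation, that the managed domain is named contoso.com, and that adadmin@contoso.com and the VM are placeholders for the poster's own names.

```powershell
# ---- Tenant side (admin workstation with the AzureAD module) ----
# Added example; contoso.com and adadmin@contoso.com are assumed placeholders.
Connect-AzureAD

$group = Get-AzureADGroup -Filter "DisplayName eq 'AAD DC Administrators'"
$user  = Get-AzureADUser -ObjectId 'adadmin@contoso.com'

# Add the account to the group that is allowed to join machines to the managed domain.
Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId

# Confirm the membership actually landed before moving to the VM.
Get-AzureADGroupMember -ObjectId $group.ObjectId |
    Select-Object DisplayName, UserPrincipalName

# Roman's fix: a password change on a cloud-only account is what makes the
# managed domain receive credential hashes it can authenticate against.
$newPassword = Read-Host -AsSecureString -Prompt 'New password for adadmin'
Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $newPassword `
    -ForceChangePasswordNextLogin $false

# ---- VM side (run on the Windows VM in the VNet, elevated) ----
# Check that the VNet DNS resolves the managed domain (the SOA lookup from the comments).
Resolve-DnsName -Name 'contoso.com' -Type SOA

# The answer's "wait about 5 minutes and flush": give the sync time, then clear the
# local DNS cache so stale answers do not mask the updated VNet DNS settings.
Start-Sleep -Seconds 300
Clear-DnsClientCache

# Join with the AAD DC Administrators account, then reboot to complete the join.
$cred = Get-Credential -UserName 'contoso.com\adadmin' -Message 'AAD DS join account'
Add-Computer -DomainName 'contoso.com' -Credential $cred -Restart
```

The group membership check is worth keeping in the script: if the account is missing from the group, the join fails with a generic access-denied message that looks identical to the "no hashes synced yet" case that the password reset addresses.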