| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Azure Active Directory Domain Services: Getting Started | Microsoft Docs |
Enable Azure Active Directory Domain Services using the Azure portal |
active-directory-ds |
mahesh-unnikrishnan |
stevenpo |
curtand |
ace1ed4a-bf7f-43c1-a64a-6b51a2202473 |
active-directory-ds |
identity |
na |
na |
article |
09/26/2017 |
maheshu |
In this configuration task, you create an administrative group in your Azure AD directory. This special administrative group is called AAD DC Administrators. Members of this group are granted administrative permissions on machines that are domain-joined to the managed domain. On domain-joined machines, this group is added to the administrators group. Additionally, members of this group can use Remote Desktop to connect remotely to domain-joined machines.
Note
You do not have Domain Administrator or Enterprise Administrator permissions on the managed domain that you created by using Azure Active Directory Domain Services. On managed domains, these permissions are reserved by the service and are not made available to users within the tenant. However, you can use the special administrative group created in this configuration task to perform some privileged operations. These operations include joining computers to the domain, belonging to the administration group on domain-joined machines, and configuring Group Policy.
The wizard automatically creates the administrative group in your Azure AD directory. This group is called 'AAD DC Administrators'. If you have an existing group with this name in your Azure AD directory, the wizard selects this group. You can configure group membership using the Administrator group wizard page.
-
To configure group membership, click AAD DC Administrators.
-
Click the Add members button to add users from your Azure AD directory to the administrator group.
-
When you are done, click OK to move on to the Summary page of the wizard.
-
On the Summary page of the wizard, review the configuration settings for the managed domain. You can go back to any step of the wizard to make changes, if necessary. When you are done, click OK to create the new managed domain.
-
You see a notification that shows the progress of your Azure AD Domain Services deployment. Click the notification to see detailed progress for the deployment.
The process of provisioning your managed domain can take up to an hour.
-
While your deployment is in progress, you can search for 'domain services' in the Search resources search box. Select Azure AD Domain Services from the search result. The Azure AD Domain Services blade lists the managed domain that is being provisioned.
-
Click the name of the managed domain (for example, 'contoso100.com') to see more details about the managed domain.
-
The Overview tab shows that the managed domain is currently being provisioned. You cannot configure the managed domain until it is fully provisioned. It may take up to an hour for your managed domain to be fully provisioned.
-
When the managed domain is fully provisioned, the Overview tab shows the domain status as Running.
-
On the Properties tab, you see two IP addresses at which domain controllers are available for the virtual network.
It may take an hour or two for both domain controllers for your managed domain to be provisioned. If your deployment failed or is stuck in the 'Pending' state for more than a couple of hours, feel free to contact the product team for help.
Task 4: update the DNS settings for the Azure virtual network