title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.component | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Azure Active Directory Domain Services: Getting Started \| Microsoft Docs | Enable Azure Active Directory Domain Services using the Azure portal | active-directory-ds | | eringreenlee | mtillman | curtand | ace1ed4a-bf7f-43c1-a64a-6b51a2202473 | active-directory | domain-services | identity | na | na | conceptual | 05/23/2018 | ergreenl |
Refer to Networking considerations for Azure Active Directory Domain Services.
The next configuration task is to create an Azure virtual network and a dedicated subnet within it. You enable Azure Active Directory Domain Services in this subnet within your virtual network. You may also pick an existing virtual network and create the dedicated subnet within it.
- Click Virtual network to select a virtual network.
  [!NOTE] Classic virtual networks are not supported for new deployments. Existing managed domains deployed in classic virtual networks continue to be supported. Microsoft will enable you to migrate an existing managed domain from a classic virtual network to a Resource Manager virtual network in the near future.
- On the Choose virtual network page, you see the existing virtual networks that belong to the resource group and Azure location you selected on the Basics wizard page.
- Choose the virtual network in which Azure AD Domain Services should be enabled. You can either pick an existing virtual network or create a new one.
  [!TIP] You cannot move your managed domain to a different virtual network after you enable Azure AD Domain Services. Pick the right virtual network to enable your managed domain. After you create a managed domain, you cannot move it to a different virtual network without deleting the managed domain. We recommend reviewing the networking considerations for Azure Active Directory Domain Services before you proceed.
- Create virtual network: Click Create new to create a new virtual network. Use a dedicated subnet for Azure AD Domain Services. For example, create a subnet with the name 'DomainServices', making it easy for other administrators to understand what is deployed within the subnet. Click OK when you're done.
  [!WARNING] Make sure to pick an address space that is within the private IP address space. Public IP addresses that you do not own cause errors within Azure AD Domain Services.
- Existing virtual network: If you plan to pick an existing virtual network, create a dedicated subnet using the virtual networks extension, and then pick that subnet. Click Virtual Network to select the existing virtual network. Click Subnet to pick the dedicated subnet in your existing virtual network, within which to enable your new managed domain. Click OK when you're done.
  [!NOTE] Guidelines for selecting a subnet
  - Use a dedicated subnet for Azure AD Domain Services. Do not deploy any other virtual machines to this subnet. This configuration enables you to configure network security groups (NSGs) for your workloads/virtual machines without disrupting your managed domain. For details, see networking considerations for Azure Active Directory Domain Services.
  - Do not select the Gateway subnet for deploying Azure AD Domain Services, because it is not a supported configuration.
  - The subnet you've selected must have at least 3-5 available IP addresses in its address space.
- When you are done, click OK to proceed to the Administrator group page of the wizard.
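
Because the managed domain cannot be moved after it is enabled, it helps to check a planned subnet against the guidelines above before opening the wizard. The following Python sketch is an added example, not part of the original article or of any Microsoft tooling; the function name `check_subnet`, the reading of "private IP address space" as the RFC 1918 ranges, and the threshold of 5 free addresses are assumptions.

```python
import ipaddress

# RFC 1918 ranges; assumed to be what the page means by "private IP address space".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AZURE_RESERVED_PER_SUBNET = 5  # Azure reserves the first four and the last address of every subnet
MIN_FREE_IPS = 5               # assumption: upper end of the page's "at least 3-5 available IP addresses"


def check_subnet(name, subnet_cidr, vnet_cidrs, other_subnet_cidrs=(), ips_in_use=0):
    """Return a list of guideline violations for a planned subnet (empty list means OK)."""
    problems = []
    subnet = ipaddress.ip_network(subnet_cidr)  # raises ValueError on a malformed CIDR
    vnets = [ipaddress.ip_network(c) for c in vnet_cidrs]

    if name.lower() == "gatewaysubnet":
        problems.append("GatewaySubnet is not a supported location for the managed domain")
    if not any(subnet.version == v.version and subnet.subnet_of(v) for v in vnets):
        problems.append(f"{subnet} is outside the virtual network address space")
    if not (subnet.version == 4 and any(subnet.subnet_of(p) for p in RFC1918)):
        problems.append(f"{subnet} is not inside a private (RFC 1918) range")
    for other in map(ipaddress.ip_network, other_subnet_cidrs):
        if subnet.overlaps(other):
            problems.append(f"{subnet} overlaps existing subnet {other}")
    if ips_in_use:
        problems.append(f"subnet is not dedicated: {ips_in_use} address(es) already in use")
    free = subnet.num_addresses - AZURE_RESERVED_PER_SUBNET - ips_in_use
    if free < MIN_FREE_IPS:
        problems.append(f"only {max(free, 0)} usable address(es) free, need {MIN_FREE_IPS}")
    return problems


if __name__ == "__main__":
    # Constructed plans for illustration, not taken from a real deployment.
    plans = [
        ("DomainServices", "10.0.1.0/24", ["10.0.0.0/16"], ["10.0.0.0/24"], 0),
        ("GatewaySubnet", "10.0.2.0/27", ["10.0.0.0/16"], [], 0),
        ("DomainServices", "52.10.0.0/29", ["52.10.0.0/16"], [], 0),
    ]
    for plan in plans:
        print(plan[0], plan[1], check_subnet(*plan) or "OK")
```

The third plan fails twice: the range is public, and a /29 leaves only 3 addresses once Azure's 5 reserved addresses are subtracted.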
Task 3: configure administrative group and enable Azure AD Domain Services