Azure AD Domain Services

Save costs and operate more efficiently with managed domain services

Azure AD Domain Services enables you to use managed domain services—such as Windows Domain Join, group policy, LDAP, and Kerberos authentication—without having to deploy, manage, or patch domain controllers.

Features

Increase operational efficiency

Enable managed domain services for virtual machines and directory-aware applications deployed in Azure with a click of a button. Reduce operational and maintenance costs associated with managing identity infrastructure for your virtual machines and legacy applications.

Run legacy applications in the cloud

Easily migrate on-premises apps to a managed domain. Streamline management of all applications from your legacy, directory-aware apps alongside your modern cloud apps with a single identity solution.

Rely on a managed, highly available service

Azure AD Domain Services includes multiple domain controllers to provide high availability for your managed domain. Ensure business continuity with guaranteed service uptime and resilience to failures.

Pricing for Azure Active Directory Domain Services

Azure AD Domain Services offers built-in conditional access and security threat intelligence for all your users. Usage is charged per hour, based on the SKU selected by the tenant owner. Explore pricing options to find the version that fits your needs.

Learn more about pricing

Get started with an Azure free account

1. Start free. Get $200 credit to use in 30 days. While you have your credit, get free amounts of popular services and 25+ other services.
2. After your credit, move to pay as you go to keep getting popular services and 25+ other services. Only pay if you use more than the free monthly amounts.
3. After 12 months, you’ll continue getting 25+ services free always—and still only pay for what you use beyond the free monthly amounts.

Azure AD Domain Services resources and documentation

How-to guides

• Learn how to configure scoped synchronization from Azure AD to Azure AD Domain Services in the Azure portal

Tutorials

• Learn how to create and configure an Azure AD Domain Services managed domain

Code samples

• Find code samples to jumpstart your deployment

Identity services documentation

• Compare self-managed Active Directory Domain Services, Azure AD, and managed Azure AD Domain Services

Frequently asked questions about Azure AD Domain Services

Can I create multiple managed domains for a single Azure AD directory?

No. You can create a single managed domain serviced by Azure AD Domain Services for a single Azure AD directory.

Can I enable Azure AD Domain Services in an Azure Resource Manager virtual network?

Yes. Azure AD Domain Services can be enabled in an Azure Resource Manager virtual network. Classic Azure virtual networks are no longer available when you create a managed domain.

Can guest users invited to my directory use Azure AD Domain Services?

No. Guest users invited to your Azure AD directory using the Azure AD B2B invite process are synchronized to your Azure AD Domain Services managed domain. However, as passwords for these users aren’t stored in your Azure AD directory, Azure AD Domain Services has no way to synchronize NTLM and Kerberos hashes for these users to your managed domain, so they can’t sign in or join computers to the managed domain.

Does Azure AD Domain Services include high availability options?

Yes. Each Azure AD Domain Services managed domain includes two domain controllers. You don’t manage or connect to these domain controllers—they’re part of the managed service. If you deploy Azure AD Domain Services into a region that supports availability zones, the domain controllers are distributed across zones. In regions that don’t support availability zones, the domain controllers are distributed across availability sets. Learn more about availability options for virtual machines in Azure.

How long does it take for changes I make to my Azure AD directory to be visible in my managed domain?

Changes made in your Azure AD directory using either the Azure AD UI or PowerShell are automatically synchronized to your managed domain. This synchronization process runs in the background. There’s no defined time period for this synchronization to complete all the object changes.

Can I pause an Azure AD Domain Services managed domain?

No. Once you’ve enabled an Azure AD Domain Services managed domain, the service is available within your selected virtual network until you delete the managed domain. There’s no way to pause the service. Billing continues on an hourly basis until you delete the managed domain.