@Ryan P
Thank you for posting this in Microsoft Q&A.
You can administer managed domain using the same Remote Server Administration Tools (RSAT) as with an on-premises Active Directory Domain Services domain.
As Domain Services is a managed service, there are some administrative tasks that you can't perform, such as using remote desktop protocol (RDP) to connect to the domain controllers.
Members of the AAD DC Administrators group are granted privileges on the managed domain that enables them to do tasks such as:
- Configure the built-in group policy object (GPO) for the AADDC Computers and AADDC Users containers in the managed domain.
- Administer DNS on the managed domain.
- Create and administer custom organizational units (OUs) on the managed domain.
- Gain administrative access to computers joined to the managed domain.
The managed domain is locked down, so you don't have privileges to do certain administrative tasks on the domain. Some of the following examples are tasks you can't do:
- Extend the schema of the managed domain.
- Connect to domain controllers for the managed domain using Remote Desktop.
- Add domain controllers to the managed domain.
- You don't have Domain Administrator or Enterprise Administrator privileges for the managed domain.
To install Active Directory administrative tools you can check below article,
https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-create-management-vm#install-active-directory-administrative-tools
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.