Entra Domain Services and subnet

Zuuber 100 Reputation points
2024-07-26T13:08:18.6633333+00:00

I am attempting to create Microsoft Entra Domain Services
I have created a VNET with address space 10.35.0.0/16
I have created a subnet with address space 10.35.2.0/24

But when creating the domain and attempting to assign the domain services to the subnet the subnet has "(undefined)" next to it and there is text which states "Your subnet should contain one of the private IP Address Spaces: 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8. While you can create public IPs, we recommend considering the associated risks before proceeding."

I'm not able to continue; the message suggests my IP range is not private, but it is.
What am I missing?


1 answer

  1. Sina Salam 7,441 Reputation points
    2024-07-26T16:14:25.01+00:00

    Hello Zuuber,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    Problem

    I understand that you are having an issue while setting up Microsoft Entra Domain Services. The error message you received indicates that your subnet's IP range is not recognized as a private address space.

    Solution

    To resolve this, below are suggested points to double-check or review:

    1. Ensure that you've specified the subnet address space in the correct format using Classless Inter-Domain Routing (CIDR) notation. For example, if your virtual network has an address space of 10.0.0.0/16, you might define a subnet address space like 10.0.0.0/22. The smallest range you can specify is /29, which provides eight IP addresses for the subnet. https://learn.microsoft.com/en-us/entra/identity/domain-services/troubleshoot-alerts.
    2. Your subnet's address space (10.35.2.0/24) is indeed a private range, so it should be valid. However, let's double-check other settings, starting with the Azure region and virtual network:
      1. Ensure that your managed domain and virtual network are deployed in the same Azure region.
      2. Verify that the region supports Microsoft Entra Domain Services.
      3. Consider proximity: Keep your core applications close to or within the same region as the virtual network subnet for your managed domain to minimize latency.
    3. Microsoft Entra Domain Services provides its own DNS service. Make sure your virtual network is configured to use these DNS service addresses. Name resolution for additional namespaces can be achieved using conditional forwarders.
    4. You can use virtual network peering or virtual private network (VPN) connections between Azure virtual networks. These options allow communication between different virtual networks.
    5. If the issue persists, consider deleting your existing managed domain and recreating it in a virtual network with a private IP address range. Note that this process is disruptive, as the managed domain will be unavailable, and any custom resources (such as OUs or service accounts) will be lost. https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-create-instance


    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    ** Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam

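The portal message and point 1 of the answer together state four conditions on the subnet: valid CIDR notation, containment in the VNet address space, containment in one of the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and a prefix no longer than /29. The following is an added example, not code from the question, the answer or Microsoft, that applies those checks offline with Python's standard `ipaddress` module so you can confirm a subnet before touching the portal. The /29 minimum is taken from the answer above as stated; the function name `check_subnet` and the sample inputs are this example's own.

```python
"""Offline check of a VNet subnet against the rules quoted in the thread above."""
from typing import List
import ipaddress

# The three private ranges named in the portal message (RFC 1918).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Smallest subnet the answer says Domain Services accepts (assumption taken from the answer).
MIN_PREFIX_LEN = 29


def check_subnet(vnet_cidr: str, subnet_cidr: str) -> List[str]:
    """Return the list of problems found; an empty list means the subnet passes.

    Checks, in order: both strings parse as CIDR blocks with no host bits set
    (ip_network is strict by default, so "10.35.2.1/24" is rejected), both are
    IPv4, the subnet lies inside the VNet address space, the subnet lies inside
    one of the private ranges, and it is no smaller than /29.
    """
    problems: List[str] = []
    try:
        vnet = ipaddress.ip_network(vnet_cidr)
        subnet = ipaddress.ip_network(subnet_cidr)
    except ValueError as exc:
        return [f"not valid CIDR notation: {exc}"]
    # subnet_of() raises TypeError on mixed IPv4/IPv6 input, so rule that out first.
    if vnet.version != 4 or subnet.version != 4:
        return ["only IPv4 address spaces are handled by this check"]
    if not subnet.subnet_of(vnet):
        problems.append(f"{subnet} is not inside the VNet address space {vnet}")
    if not any(subnet.subnet_of(r) for r in PRIVATE_RANGES):
        problems.append(
            f"{subnet} is not inside 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16"
        )
    if subnet.prefixlen > MIN_PREFIX_LEN:
        problems.append(f"{subnet} is smaller than the /{MIN_PREFIX_LEN} minimum")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: the poster's values plus a few deliberately bad ones.
    cases = [
        ("10.35.0.0/16", "10.35.2.0/24"),    # the poster's subnet: should pass
        ("10.35.0.0/16", "10.36.2.0/24"),    # outside the VNet
        ("10.35.0.0/16", "10.35.2.0/30"),    # too small
        ("10.35.0.0/16", "10.35.2.1/24"),    # host bits set: not valid CIDR
        ("203.0.113.0/24", "203.0.113.0/26"),  # public range
    ]
    for vnet_cidr, subnet_cidr in cases:
        result = check_subnet(vnet_cidr, subnet_cidr)
        print(f"{vnet_cidr} / {subnet_cidr}: {'OK' if not result else '; '.join(result)}")
```

If the poster's 10.35.0.0/16 and 10.35.2.0/24 pass this check, as they do, the portal's "(undefined)" label is not explained by the address range itself, and the region, DNS and VNet points in the answer are the next things to look at.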