2,147 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 46%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENZ%3C/text%3E%3C/svg%3E)
In the end, we rolled our own domain controller environment using Azure virtual machines because Azure ADDS was too restrictive for our requirements.
It is possible to extend Azure Active Directory Domain Services domain controllers to another network for high availability?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 36%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENZ%3C/text%3E%3C/svg%3E)
Niels Ziegler
1
Reputation point
We are using Azure ADDS in a cloud-only tenant. There is no on-premise AD infrastructure.
Now another company is managing servers for us in their own Azure Tenant, and there will be a VPN site to site connection. Is it possible to extend Azure ADDS into the remote network, to allow domain joining their servers into our domain? In a classic setup I would have another DC running in the remote network replicating the AD objects. Since it is not possible to add more DCs to Azure ADDS, what other options do we have?
The reason would be, if the VPN connection goes down, users can still connect to the servers for maintenance without having to fall back to local accounts.
{count} votes
-
JamesTran-MSFT 36,541 Reputation points Microsoft Employee2021-01-13T21:44:48.66+00:00 @Niels Ziegler
Thank you for your post!Based off your question, and as you probably already know with AzureADDS, you can only create a managed domain in a single virtual network in Azure, and only one managed domain can be created per Azure AD tenant. Based on this architecture, you can try connecting application workloads hosted in other Azure virtual networks using either Virtual network peering or a VPN.
I'd recommend reviewing this documentation to see if it fits your needs, when it comes to Virtual network design considerations and configuration options for Azure Active Directory Domain Services.
I hope this helps!
If you have any other questions, please let me know. -
JamesTran-MSFT 36,541 Reputation points Microsoft Employee
2021-01-14T17:28:22.243+00:00 @Niels Ziegler
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue? -
Niels Ziegler 1 Reputation point
2021-01-19T13:14:03.737+00:00 Hi James Tran,
I do understand, that I can not extend the number of ADDS servers myself, but what other options do I have, if I wanted to extend this into a remote network, reachable through VPN? Would I be able to create a federated trust with another Azure ADDS instance in the other tenant with a different domain?
like Azure ADDS (contoso.com) VNET 1 -> VPN gateway -> Azure ADDS (fabrikam.com) VNET 1
Sign in to comment