What does it mean by adding a custom domain name?

Kei Moon 151 Reputation points
2021-03-02T05:50:15.123+00:00

I understand that if I add a custom domain name, I can create users with the added custom domain name suffixed. Currently, we have a vNet with VMs and AADDS has been using an initial domain name, say abc.onmicrosoft.com. There are users in AAD with user_names@jaswant.onmicrosoft.com. Now we are about to create another vNet which requires a custom domain name, say contoso.com. If I add a custom domain name in AAD, does it mean that I am adding a new domain and new VMs I am creating will be able to join the domain, contoso.com? If so, can AAD have multiple domains?

Microsoft Entra

Accepted answer
  1. Siva-kumar-selvaraj 15,601 Reputation points
    2021-03-05T06:19:01.603+00:00

    Hi @Kei Moon ,

    Yes, adding a custom domain name does not add a new domain to AADDS. Therefore, new VMs created after adding the custom domain "contoso.com" will still have to join the domain "abc.onmicrosoft.com" (the initial managed domain name that was configured during AADDS creation).

    However, users would still be able to log in to VMs with a custom name created in Azure AD, say user@Company portal .com, because contoso.com would be added as an alternative suffix name in AADDS. Please find below a screenshot from my lab, where my AADDS name is "contoso.com" and users have a different custom domain name, say "rac@siva selvam .xyz".

    When I joined Azure VMs with AADDS:

    [Screenshot: 74691-image.png]

    User with a different custom domain name:

    [Screenshot: 74638-image.png]

    Hope this helps.

    ------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

  1. Siva-kumar-selvaraj 15,601 Reputation points
    2021-03-03T11:49:11.337+00:00

    Hello @Kei Moon ,

    Thanks for reaching out.

    You can only create a single managed domain with AADDS (Azure AD Domain Services) for a single Azure AD directory. If you would like to change the managed domain that VMs join to a new domain, the only way is to delete and recreate AADDS with the new name, say contoso.com.

    In addition to that, adding a "custom domain name in AAD as per this article" does not mean adding a new domain for VMs.

    It would be great if you could elaborate more on what you mean by "create another vNet which requires a custom domain name, say contoso.com", because it only asks for the DNS server name; I don't get an option to mention a custom domain while creating a new VNet.

    Hope the guidelines below help to select an appropriate managed domain name for AADDS. Please correct me if I misunderstand your ask. Thanks.

    Guidelines for picking a DNS domain name (to learn more about AADDS, read this article):

    o Built-in domain name: By default, the wizard specifies the default/built-in domain name of the directory (with a .onmicrosoft.com suffix) for you. We do not recommend using this name if you are choosing to use secure LDAP.
    o Custom domain names: You can also type in a custom domain name.
    o Non-routable domain suffixes: We generally recommend avoiding a non-routable domain name suffix. For instance, it is better to avoid creating a domain with the DNS domain name 'contoso.local'. The '.local' DNS suffix is not routable and can cause issues with DNS resolution.
    o Domain prefix restrictions: The prefix of your specified domain name (for example, contoso100 in the contoso100.com domain name) must contain 15 or fewer characters. You cannot create a managed domain with a prefix longer than 15 characters.
    o Network name conflicts: Ensure that the DNS domain name you have chosen for the managed domain does not already exist in the virtual network. Specifically, check whether the domain name conflicts with any of these scenarios:
        - You already have an Active Directory domain with the same DNS domain name on the virtual network.
        - The virtual network where you plan to enable the managed domain has a VPN connection with your on-premises network. In this scenario, ensure you don't have a domain with the same DNS domain name on your on-premises network.
        - You have an existing cloud service with that name on the virtual network.

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
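A pre-flight check for the naming guidelines in the answer above, as an added example that is not part of the answer and not Microsoft's tooling: it validates a candidate managed-domain name against the 15-character prefix limit, the non-routable '.local' suffix, the built-in .onmicrosoft.com name when secure LDAP is planned, and a constructed inventory of names already reachable from the virtual network (the conflict check the answer says to do by hand). The inventory dictionary and its descriptions are assumptions, not data read from Azure.

```python
import re

BUILT_IN_SUFFIX = ".onmicrosoft.com"
NON_ROUTABLE_SUFFIXES = (".local",)  # the suffix the answer names; extend if your environment has others
MAX_PREFIX_LEN = 15
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")  # one DNS label: letters, digits, inner hyphens


def _normalise(name):
    """Lower-case the name and drop surrounding whitespace and a trailing dot."""
    return name.strip().lower().rstrip(".")


def check_managed_domain_name(name, existing_names=None, secure_ldap=False):
    """Return a list of findings for a candidate AADDS managed-domain name.

    An empty list means the name passes every check. existing_names maps DNS names
    already present on the virtual network or reachable from it (an AD domain, an
    on-premises domain over VPN, a cloud service) to a short description of where
    each one lives; it is a constructed inventory in this example.
    """
    findings = []
    dns_name = _normalise(name)
    labels = dns_name.split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(label) for label in labels):
        return ["'%s' is not a valid DNS domain name" % name]
    prefix = labels[0]
    if len(prefix) > MAX_PREFIX_LEN:
        findings.append("prefix '%s' has %d characters; the limit is %d"
                        % (prefix, len(prefix), MAX_PREFIX_LEN))
    if secure_ldap and dns_name.endswith(BUILT_IN_SUFFIX):
        findings.append("built-in %s name is not recommended with secure LDAP" % BUILT_IN_SUFFIX)
    if dns_name.endswith(NON_ROUTABLE_SUFFIXES):
        findings.append("suffix of '%s' is non-routable and can break DNS resolution" % dns_name)
    for existing, location in (existing_names or {}).items():
        if _normalise(existing) == dns_name:
            findings.append("name already exists: %s" % location)
    return findings


if __name__ == "__main__":
    # Constructed inventory of names already reachable from the virtual network.
    inventory = {"contoso.com": "on-premises AD domain reachable over the VPN"}
    for candidate in ("contoso.com", "contoso.local", "abc.onmicrosoft.com", "contoso100.com"):
        result = check_managed_domain_name(candidate, inventory, secure_ldap=True)
        print(candidate, "->", result or "OK")
```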