Need help with Azure AD Domain Services

Question

Need help with Azure AD Domain Services

JM Wee 1

Hello,

Need some help and guidance on this, I recently join my new company that has a Azure AD Domain Services resources in Azure Portal. Currently it has some alerts regarding the LDAP certificate which has expired since May this year. We are paying the standard plan for our AADDS but I highly think that this has been setup before but wasn't really gone into production and I think this was not being used at the moment. I wanted to scrap or delete this resources but I wanted to make sure that it won't break anything.

I am new to this AADDS and need some advise what I need to check carefully to make sure we are not using this service? Below are some information that might help understand our env.

-We don't have on-prem AD, we only have Azure AD for our O365 accounts.
-We don't have any resources in Azure like VM, SQL, etc except for this Azure AD Domain Services.

Hope someone can able to guide me on this.

Thanks,
JM

Siva-kumar-selvaraj 15,156 Reputation points

2021-11-17T21:04:56.717+00:00

@JM Wee , I'm just checking in to see whether the answer was helpful. If this solves your question, don't forget to click "Accept the answer" and Up-Vote so that other community members viewing this topic can benefit from it as well. Please let us know if you have any more questions.

Siva-kumar-selvaraj 15,156 Reputation points

2021-11-17T21:04:56.717+00:00

@JM Wee , I'm just checking in to see whether the answer was helpful. If this solves your question, don't forget to click "Accept the answer" and Up-Vote so that other community members viewing this topic can benefit from it as well. Please let us know if you have any more questions.

Answer 1

Hello @JM Wee ,

Thanks for reaching out.

Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication. Azure AD DS integrates with your existing Azure AD tenant, which makes it possible for users to sign in using their existing credentials.

I would recommend that you review these typical use-cases and scenarios for Azure Active Directory Domain Services to ensure that none of them are applicable to your environment.

However, based on the information you provided above, it appears that none of the Azure resources are in use, therefore you may safely delete it. Here's a step-by-step guide on how to remove Azure AD DS.

Azure AD Domain Services simply syncs with what is manages through the Microsoft 365 portal. A managed domain is configured to perform a one-way synchronization from Azure AD/M365 to Azure AD DS which provide access to a central set of users, groups, and credentials. Therefore, if you encounter any problems after deletion, you can easily rebuild Azure AD DS, which will synchronize from Azure AD.

Hope this helps.

------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

JM Wee 1

Thank you so much for the respond, one last thing I needed to confirm is does Azure AD DS has any relation to any SAML or SSO for authentication?

Siva-kumar-selvaraj 15,156 Reputation points

2021-11-17T07:39:48.907+00:00

No, Azure AD DS doesn't have any relation to modern authentication protocols such as SAML, OAUTH or OIDC SSO.

------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Siva-kumar-selvaraj 15,156 Reputation points

2021-12-09T06:24:10.937+00:00

@JM Wee ,

I wanted to check in with you and see if you had any other questions. We appreciate your time and understanding while we worked through this issue.

---
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Need help with Azure AD Domain Services

2 answers

Activity