Need help with Azure AD Domain Services

JM Wee 1 Reputation point


Need some help and guidance on this. I recently joined my new company, which has an Azure AD Domain Services resource in the Azure Portal. Currently it has some alerts regarding the LDAP certificate, which has been expired since May this year. We are paying for the standard plan for our AADDS, but I strongly think that this was set up before but never really went into production, and I think it is not being used at the moment. I wanted to scrap or delete this resource, but I wanted to make sure that it won't break anything.

I am new to this AADDS and need some advice on what I need to check carefully to make sure we are not using this service. Below is some information that might help you understand our env.

- We don't have on-prem AD; we only have Azure AD for our O365 accounts.
- We don't have any resources in Azure like VM, SQL, etc. except for this Azure AD Domain Services.

Hope someone is able to guide me on this.


Azure Active Directory Domain Services

2 answers

  1. Siva-kumar-selvaraj 15,156 Reputation points

    Hello @JM Wee ,

    Thanks for reaching out.

    Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication. Azure AD DS integrates with your existing Azure AD tenant, which makes it possible for users to sign in using their existing credentials.

    I would recommend that you review these typical use-cases and scenarios for Azure Active Directory Domain Services to ensure that none of them are applicable to your environment.

    However, based on the information you provided above, it appears that none of the Azure resources are in use, therefore you may safely delete it. Here's a step-by-step guide on how to remove Azure AD DS.

    Azure AD Domain Services simply syncs with what is managed through the Microsoft 365 portal. A managed domain is configured to perform a one-way synchronization from Azure AD/M365 to Azure AD DS, which provides access to a central set of users, groups, and credentials. Therefore, if you encounter any problems after deletion, you can easily rebuild Azure AD DS, which will synchronize from Azure AD.

    Hope this helps.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. JM Wee 1 Reputation point

    Thank you so much for the response. One last thing I needed to confirm: does Azure AD DS have any relation to any SAML or SSO for authentication?