25,081 questions
It would be the same as with ADDS, you would need to connect your remote devices via VPN to the Azure virtual network where the Azure AD DS deployment is located.
How to remotely users join the domain When we use Azure AD DS ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 51%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
MOHAMMAD KHAN
1
Reputation point
We want to deploy active directory domain services in our organization and we have already configured a Azure AD DS but how do I remotely connect users' devices to Azure ADDS?
On-prime ADDS server, we install the remote access role and join the domain to the users via VPN.
Microsoft Security Microsoft Entra Microsoft Entra ID
2 answers
Sort by: Most helpful
-
Alan Kinane 16,951 Reputation points MVP Volunteer Moderator2022-01-04T12:33:02.523+00:00 -
MOHAMMAD KHAN 1 Reputation point
2022-01-04T13:03:32.297+00:00 Okay Perfect.
We have O365 users and when I configure Azure AD DS and login with AAD DC domain administrator in windows server then I found all the O365 users are showing in AADDC user but when I install remote access (VPN) role in Windows server manager the O365 users are not able to connect with VPN and when I open the users properties I am not able to select allow-access in Dial-in option.
-
Alan Kinane 16,951 Reputation points MVP Volunteer Moderator
2022-01-04T13:14:54.15+00:00 I think you will need to deploy a VPN gateway in Azure so that your users can establish a point-to-site connection to your Azure environment - https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-create-gateway-portal
Then you can use the Azure AD VPN client to authenticate your users - https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-client
-
MOHAMMAD KHAN 1 Reputation point
2022-01-04T13:29:19.283+00:00 Why do we use VPN Gateway, we have to pay for it, while we have the option of Remote Access Role in Windows Server Manager. https://www.sciencedirect.com/topics/computer-science/remote-access-role
-
Alan Kinane 16,951 Reputation points MVP Volunteer Moderator
2022-01-04T14:00:50.923+00:00 RRAS is technically not supported in Azure. I'm not saying you can't do it, but Microsoft will not support this scenario as far as I am aware. The recommended approach would be to deploy a VPN gateway which will allow you to use site-to-site and/or point-to-site connections (VPN clients). You would not need public IP addresses for each user, just one for the gateway itself.
-
MOHAMMAD KHAN 1 Reputation point
2022-01-04T16:38:32.143+00:00 Could you please share the price of VPN Gateway for more than 200 users ?
-
Alan Kinane 16,951 Reputation points MVP Volunteer Moderator
2022-01-04T17:07:05.997+00:00 You can look up the pricing here: https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/
You will need a VpnGw1 SKU (or higher) if you want Azure AD (OpenVPN) support
-
MOHAMMAD KHAN 1 Reputation point
2022-01-05T05:19:44.597+00:00 I have some more question.
Can we apply GPO in Azure AD DS same as on-prime or is there some limitation?
If we apply GPO on AADDC, then apart from all those users, GPO will also be applied on AADDC administrator, then how we will be able to work with admin role on Windows Server.
-
MOHAMMAD KHAN 1 Reputation point
2022-01-05T06:52:06.827+00:00 Today I tested by configuring VPN Gateway, the domain is being joined in it but when we are login with Azure AD users in local laptop then login is getting failed.
-
Siva-kumar-selvaraj 15,721 Reputation points2022-01-07T17:24:58.597+00:00 Probably, Azure AD DS doesn't have the password hashes so make sure you refer to the steps detailed here.
Sign in to comment -
-
Siva-kumar-selvaraj 15,721 Reputation points
2022-01-04T13:01:44.403+00:00 Hello @MOHAMMAD KHAN ,
Yes, joining a machine within the same network must works, you need to setup VPN connection to Azure virtual network where Azure AD DS is hosted. The only challenge I see in this scenario is, if the site-to-site VPN/P2S is down, your workstations will not be able to communicate with Azure ADDS Domain Controllers.
Refer to the following links for more details:
common use-cases and scenarios for Azure Active Directory Domain Services: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/scenarios
Create a Site-to-Site connection in the Azure portal : https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portalHope this helps.
-----
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.-
MOHAMMAD KHAN 1 Reputation point
2022-01-04T13:09:50.01+00:00 We have more than 100 users who work remotely how can we give Site-to-Site access to everyone on azure portal while we also need public IP of users to configure site-to-site VPN.
I think the better option is we have to install remote access role in windows server manager and it is free and we can add multiple users at a time.
Sign in to comment -