Azure: O365 and AADDS on the same domain

Ivo Lindner 1 Reputation point
2022-04-11T08:14:42.137+00:00

Hi, I am pretty new to Azure and wanted to implement Azure AD DS for LDAP authentication, for example for WPA2 Enterprise and VPN.

Our setup:

We are completely on O365, so nothing on premises; our standard domain for email is our own, mycompany.com.

Now I followed the Microsoft tutorial to set up Azure AD DS and used the same domain we use in O365, mycompany.com. I bought a certificate and enabled secure LDAP. But if I create a new user or reset the password of an existing user in O365, the user is not synced. Or am I just blind? Where can I review the users which are already synced?

Is that even possible, or do I need a subdomain like aads.mycompany.com? Or can't I add a subdomain in O365?

Will the users even sync to the AADDS with the same domain?

I will be grateful for advice.

Azure Active Directory Domain Services

1 answer

  1. Siva-kumar-selvaraj 15,156 Reputation points
    2022-04-18T20:34:05.873+00:00

    Hello @Ivo Lindner ,

    Thanks for reaching out and apologize for the delayed response.

    From your question I understand that you have configured Azure AD DS for your environment and enabled access, and you are wondering how to verify whether specific users have synchronized to the managed domain.

    Ideally, when Azure AD managed domain services are enabled, by default all users and groups from an Azure AD directory are synchronized to the managed domain. So, for cloud-only user accounts, users must change their passwords and wait for 15 minutes before they can use Azure AD DS; here is a detailed explanation of why users need to change their password once AADDS has been set up.

    So, if you have created a managed domain, say mycompany.com, then the user object would be synchronized to the AADDS in the UPN format, such as user@mycompany.com, and in the SAMAccountName format, such as mycompany\user.

    Therefore, I would request you to verify whether any of the below causes the issue in your environment while accessing the managed domain with secure LDAP. Also, here is detailed guidance on how to troubleshoot secure LDAP connectivity issues to an Azure Active Directory Domain Services managed domain.

    - Scoped synchronization: If you are using scoped synchronization, then make sure the user is a member of a group that is part of the AADDS sync scope. Reference: Scoped synchronization overview.
    - NTLM password hash synchronization: If NTLM password hash synchronization is disabled on your managed domain, then users (and service accounts) can't perform LDAP simple binds. For more information on disabling NTLM password hash synchronization, see Secure your managed domain.
    - Cloud-only environments with no on-premises synchronization

    Additionally, in order to verify whether the user account has synchronized successfully, you can try to join a Windows Server VM in Azure to the managed domain (the VM must be on the same VNet where AADDS is hosted), and then open the Active Directory Users and Computers (dsa.msc) console to verify whether the given user synced from AAD to AADDS (usually it would be under the AADDC OU shown below). You can also use the pwdLastSet attribute in the user's properties to verify the last password set timestamp for the user.

    [screenshot: 193993-image.png]

    [screenshot: 193889-image.png]

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
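The answer above suggests three manual checks: that the user object exists in the managed domain, that pwdLastSet shows a password change after AADDS was enabled, and that secure LDAP actually accepts the user's bind. The script below automates those checks from a domain-joined Windows Server VM on the AADDS VNet. It is an added example, not code from the original post or from Microsoft's documentation. The domain name mycompany.com, the LDAPS host name ldaps.mycompany.com and the account user@mycompany.com are assumptions to be replaced with your own values; it requires the RSAT ActiveDirectory PowerShell module.

```powershell
# Added example (not from the original post or Microsoft docs): verify that a
# cloud-only user has synchronized to the Azure AD DS managed domain and that
# secure LDAP (LDAPS, TCP 636) accepts a simple bind for that account.
# Assumptions (replace with your values): managed domain mycompany.com, secure
# LDAP DNS name ldaps.mycompany.com, account user@mycompany.com. Run from a
# domain-joined Windows Server VM on the AADDS VNet with RSAT AD PowerShell.
param(
    [string]$Domain    = 'mycompany.com',         # assumption
    [string]$LdapsHost = 'ldaps.mycompany.com',   # assumption
    [int]$LdapsPort    = 636,
    [string]$UserPrincipalName = 'user@mycompany.com'  # assumption
)

Import-Module ActiveDirectory

# 1. Has the user object synchronized at all? Cloud-only users land under the
#    "AADDC Users" OU. pwdLastSet tells you whether a hash usable by the managed
#    domain exists: a user who never changed their password after AADDS was
#    enabled has nothing to authenticate against yet.
$user = Get-ADUser -Server $Domain -Filter "userPrincipalName -eq '$UserPrincipalName'" `
                   -Properties pwdLastSet, sAMAccountName, DistinguishedName, Enabled
if (-not $user) {
    Write-Warning "No object for $UserPrincipalName in $Domain. If scoped sync is on, check the user is in a synchronized group; otherwise allow time for the sync to complete."
    return
}
$netbios    = (Get-ADDomain -Server $Domain).NetBIOSName
$pwdLastSet = if ($user.pwdLastSet) { [DateTime]::FromFileTimeUtc($user.pwdLastSet) } else { $null }
[pscustomobject]@{
    UPN        = $user.UserPrincipalName
    SamAccount = "$netbios\$($user.sAMAccountName)"
    Location   = $user.DistinguishedName
    Enabled    = $user.Enabled
    PwdLastSet = $pwdLastSet
} | Format-List
if (-not $pwdLastSet) {
    Write-Warning 'pwdLastSet is empty: the user has not changed their password since AADDS was enabled, so LDAP binds will fail until they do.'
}

# 2. Does the LDAPS endpoint present a certificate that covers the host name we
#    connect to? A subject/SAN mismatch makes every client bind fail before LDAP
#    is even spoken, so check this independently of the bind below.
$tcp = New-Object System.Net.Sockets.TcpClient($LdapsHost, $LdapsPort)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($LdapsHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "LDAPS certificate: subject=$($cert.Subject) notAfter=$($cert.NotAfter)"
} catch {
    Write-Warning "TLS handshake to ${LdapsHost}:$LdapsPort failed: $($_.Exception.Message)"
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# 3. Simple bind over LDAPS as the user (AuthType Basic). This is the operation
#    WPA2 Enterprise / VPN appliances perform, and it is the one that breaks when
#    NTLM password hash synchronization is disabled on the managed domain.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$cred = Get-Credential -UserName $UserPrincipalName -Message 'Password for the LDAPS simple bind test'
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapsHost, $LdapsPort, $false, $false)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = $cred.GetNetworkCredential()
try {
    $conn.Bind()
    "Simple bind over LDAPS succeeded for $UserPrincipalName"
} catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Warning "Simple bind failed (LDAP error $($_.Exception.ErrorCode)): $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

Read the three results together: a missing object points at scoped synchronization or sync latency, an empty pwdLastSet means the user still has to change their password, and a good certificate plus a failed simple bind is the signature of NTLM password hash synchronization being disabled or of the network security group not admitting TCP 636 from the client's address.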