Hello Zuuber,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
Problem
I understand that you are having an issue while setting up Microsoft Entra Domain Services. The error message you received indicates that your subnet's IP range is not recognized as a private address space.
Solution
To resolve these challenges, the below are suggested points to double-check or review:
- Ensure that you've specified the subnet address space in the correct format using Classless Inter-Domain Routing (CIDR) notation. For example, if your virtual network has an address space of 10.0.0.0/16, you might define a subnet address space like 10.0.0.0/22. The smallest range you can specify is /29, which provides eight IP addresses for the subnet. https://learn.microsoft.com/en-us/entra/identity/domain-services/troubleshoot-alerts
- Though, your subnet's address space (10.35.2.0/24) is indeed a private range, so it should be valid. However, let's double-check other settings, starting from Azure Region and Virtual Network:
- Ensure that your managed domain and virtual network are deployed in the same Azure region.
- Verify that the region supports Microsoft Entra Domain Services.
- Consider proximity: Keep your core applications close to or within the same region as the virtual network subnet for your managed domain to minimize latency.
- Microsoft Entra Domain Services provides its own DNS service. Make sure your virtual network is configured to use these DNS service addresses. Name resolution for additional namespaces can be achieved using conditional forwarders.
- You can use virtual network peering or virtual private network (VPN) connections between Azure virtual networks. These options allow communication between different virtual networks.
- If the issue persists, consider deleting your existing managed domain and recreating it in a virtual network with a private IP address range. Note that this process is disruptive, as the managed domain will be unavailable, and any custom resources (such as OUs or service accounts) will be lost. https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-create-instance
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
** Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam
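The address checks discussed in the answer above can be run offline before deploying. This is an added example, not part of the original answer or Microsoft's own tooling: the function name `check_subnet` is hypothetical, the virtual network range 10.35.0.0/16 is a constructed sample, and treating "private" as the three RFC 1918 blocks is an assumption about what the service validates.

```python
import ipaddress

# RFC 1918 private blocks (assumption: these are what "private address space" means here)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_PREFIX = 29  # the answer states /29 is the smallest subnet that can be specified


def in_rfc1918(net):
    """True only if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def check_subnet(vnet_cidr, subnet_cidr):
    """Return a list of problems; an empty list means every check passed."""
    try:
        # strict=True rejects CIDRs with host bits set, e.g. 10.35.2.1/24
        vnet = ipaddress.ip_network(vnet_cidr, strict=True)
        subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if vnet.version != 4 or subnet.version != 4:
        return ["only IPv4 ranges are checked here"]

    problems = []
    if not in_rfc1918(vnet):
        problems.append(f"vnet {vnet} is not inside an RFC 1918 range")
    if not in_rfc1918(subnet):
        problems.append(f"subnet {subnet} is not inside an RFC 1918 range")
    if not subnet.subnet_of(vnet):
        problems.append(f"subnet {subnet} is not inside vnet {vnet}")
    if subnet.prefixlen > MAX_PREFIX:
        problems.append(f"subnet {subnet} is smaller than /{MAX_PREFIX}")
    return problems


if __name__ == "__main__":
    # Constructed sample pairs; only 10.35.2.0/24 comes from the thread.
    samples = [
        ("10.35.0.0/16", "10.35.2.0/24"),    # expected to pass
        ("172.32.0.0/16", "172.32.1.0/24"),  # just outside 172.16.0.0/12
        ("10.0.0.0/16", "10.0.0.0/30"),      # smaller than /29
        ("10.35.0.0/16", "10.35.2.1/24"),    # host bits set
    ]
    for vnet, subnet in samples:
        result = check_subnet(vnet, subnet)
        print(vnet, subnet, "->", result or "OK")
```

If the subnet passes but the virtual network range fails, the address space to review is the virtual network's, not the subnet's.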