Azure Active Directory Domain Services Limitations

I work with Azure Active Directory (AAD) and enabled the Domain Services (AAD DS) feature to manage all my virtual machines and user-accounts. Domain Services is basically a Windows Domain Controller (in fact there are two of them), which provides Domain Join, LDAP and Authentication for your cloud hosted network and machines.

As a result, all users in the AAD can login to the Windows machines by using their AAD-Account.

From the documentation ( Your domain controller as a service
  • “Lift-and-shift” apps to Azure more easily than ever
  • Use LDAP, Active Directory domain join, NTLM, and Kerberos authentication
  • Rely on a managed, highly-available service
  • Get started in minutes, pay as you go
  • Develop and test with no identity worries
  • Manage Azure virtual machines effectively using Group Policy
I use the following setup, often referred as "cloud-only organizations"

Known Limitations

While still in the preview phase, I would like to point out some specific issues that I think should be known before using Azure Active Directory Domain Services. Some of them are by design, others are hopefully subject to change.

Mixed Up Accounts

Missing Mapping Information

Deleted Accounts Issue

As long as there is a account with the same UserPrincipalName in the Tenant, the newer accounts doesn't get synced correctly. The deleted accounts needs to be deleted completely from the AAD. --> WIKI LINK

User Name Length

Account Expiration


Popular posts from this blog

Home Assistant in Docker with Nginx and Let's Encrypt on Raspberry Pi

Use Bodmer TFT_eSPI Library with PlatformIO

Migrating from Arduino IDE to Visual Studio Code to PlatformIO