Azure AD Domain Services

Use Azure Active Directory (Azure AD) Domain Services to migrate legacy apps from on-premises to a managed domain, without the need to manage the environment in the cloud.

What is Azure AD Domain Services?

Use managed domain services—like domain join, group policy, LDAP, and Kerberos authentication—without having to deploy, manage, and patch domain controllers in the cloud.

Azure AD Domain Services integrates with Azure AD

Let users sign in to services and apps connected to the managed domain using existing Azure AD credentials. Secure access and migrate on-premises resources to Azure with existing groups and user accounts.

Your domain controller as a service

Run legacy apps in the cloud when modern authentication methods are not supported, and migrate these apps to a managed domain without the need to deploy, manage, or update domain controllers in the cloud.

Use managed domain services on Azure

Use Azure AD Domain Services to join Azure virtual machines to a domain without having to deploy domain controllers. Sign in to virtual machines and access resources using Azure AD credentials.

Migrate on-premises apps to Azure

Move legacy, directory-aware apps running on-premises to Azure, without having to worry about identity requirements.

Deploy in minutes with enterprise-grade performance

Quickly enable Azure AD Domain Services for your Azure AD tenant, select your performance level, and take advantage of enterprise-grade features such as resource forests and daily backups.

Get enterprise scale and SLA

Take advantage of enterprise-grade scale and reliability. Azure AD Domain Services is a highly available service hosted in globally distributed datacenters.

Additional Azure AD Domain Services resources

How-to guides

See step-by-step guides for configuring Azure AD Domain Services.


Learn how to deploy Azure AD Domain Services.

Code Samples

Find code samples to jumpstart your deployment.

Compare identity services

Understand the differences between self-managed Active Directory Domain Services, Azure AD, and managed Azure AD Domain Services.

Safeguard your organization with a seamless identity solution

A managed domain is configured to perform a one-way synchronization from Azure AD to provide access to a central set of users, groups, and credentials. Once synchronized, resources can be created directly in the managed domain but aren’t synchronized back to Azure AD. Apps, services, and virtual machines in Azure that connect to the managed domain can then use common Azure AD Domain Services features. In a hybrid environment with an on-premises AD environment, Azure AD Connect synchronizes identity information with Azure AD, which is then synchronized to the managed domain.