Forum Discussion

Admin O365
Brass Contributor
Oct 18, 2019

Can One Azure VNet support 2 different AD Forest?

Is it Possible to have 2 different AD forest part of same Azure VNet?
Example:
Current on-premises domain controllers:

domain controller 1: abc.com

domain controller 2: xyz.com
I'm extending the AD to Azure. Is it possible to have the IP addresses of both added to the Azure DNS (custom)?

Or do I have to use a separate VNet for domain controller 2: xyz.com?
Any assistance will be deeply appreciated.

  •
    CraigWilson_
    Brass Contributor

    Admin O365 

    You can run two forests in a single VNet, but you need to use your DCs as DNS. When a DC in a domain starts, it uses DNS to find all the DCs in the domain. If you are using a single DNS like Azure DNS to manage your VNet names, then one forest will not work correctly.

    Best to set the DNS manually on the VMs' NICs.

  •
    Bryan Haslip
    Iron Contributor

    I would love to understand the business case for doing it that way. Is it simply to avoid paying for more than one VPN Gateway? Even if you needed those two domains to talk to each other, you could do VNet peering to allow that to take place. You could certainly manage the DNS on the NICs themselves in the VMs, but that is not best practice. Also, depending on how many resources you deploy, that could get tricky to manage. I would suggest deploying a second VNet to accomplish this over managing the DNS at the VM level, and even over a second subnet on the same VNet. Admin O365 
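The two layouts the replies describe, as an added example that is not part of this thread and not code from either poster: one VNet per forest with each VNet's DNS servers set to that forest's own domain controllers (so every member VM locates its DCs without touching NIC settings), the two VNets peered so the forests can still reach each other, plus the single-VNet alternative of overriding DNS on an individual NIC. The resource group, region, VNet names, address ranges and DC addresses are assumed placeholders. The script defaults to a dry run that prints the `az` commands; set `DRY_RUN=0` to execute them against a real subscription.

```shell
#!/usr/bin/env sh
# Added example: per-forest VNet DNS plus peering, and the per-NIC alternative.
# Every name, address range and DC IP below is an assumed placeholder.
set -eu

RG="${RG:-rg-ad-forests}"          # assumed resource group
LOCATION="${LOCATION:-eastus}"     # assumed region
DRY_RUN="${DRY_RUN:-1}"            # 1 = print the az commands instead of running them

# Assumed DC addresses for each forest (constructed placeholders).
ABC_DCS="10.10.1.4 10.10.1.5"      # abc.com DCs, to live in vnet-abc
XYZ_DCS="10.20.1.4 10.20.1.5"      # xyz.com DCs, to live in vnet-xyz

# Print or execute an az command depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Create a VNet whose DNS servers are the forest's own DCs. Any VM placed in
# this VNet inherits that setting, so DC locator lookups (SRV records under
# _msdcs) resolve against the right forest without per-NIC overrides.
create_forest_vnet() {
  vnet="$1"; prefix="$2"; subnet_prefix="$3"; dcs="$4"
  # $dcs is intentionally unquoted so each DC IP becomes its own argument.
  run az network vnet create \
      --resource-group "$RG" --location "$LOCATION" \
      --name "$vnet" --address-prefixes "$prefix" \
      --subnet-name "snet-dc" --subnet-prefixes "$subnet_prefix" \
      --dns-servers $dcs
}

# Peer the two VNets in both directions so the forests can reach each other
# (trusts, conditional forwarders) while keeping separate DNS settings.
peer_vnets() {
  a="$1"; b="$2"
  run az network vnet peering create --resource-group "$RG" \
      --name "peer-${a}-to-${b}" --vnet-name "$a" --remote-vnet "$b" \
      --allow-vnet-access
  run az network vnet peering create --resource-group "$RG" \
      --name "peer-${b}-to-${a}" --vnet-name "$b" --remote-vnet "$a" \
      --allow-vnet-access
}

# Single-VNet alternative from the thread: point one NIC at its forest's DCs.
# This works but has to be repeated and kept correct on every VM.
set_nic_dns() {
  nic="$1"; dcs="$2"
  run az network nic update --resource-group "$RG" --name "$nic" --dns-servers $dcs
}

main() {
  create_forest_vnet "vnet-abc" "10.10.0.0/16" "10.10.1.0/24" "$ABC_DCS"
  create_forest_vnet "vnet-xyz" "10.20.0.0/16" "10.20.1.0/24" "$XYZ_DCS"
  peer_vnets "vnet-abc" "vnet-xyz"
  # Per-NIC override, only needed if both forests share one VNet:
  set_nic_dns "nic-xyz-member01" "$XYZ_DCS"
}

main
```

The key point the replies make is visible in the `--dns-servers` arguments: the DNS each forest's members use must be that forest's own DCs, never a single shared resolver, because the DC locator relies on DNS to find domain controllers. Putting that setting on the VNet (one place per forest) is easier to audit than scattering it across NICs.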
