May 20 2017 11:32 AM
Good morning,
I am trying to extend AD to Azure. I did this, starting in Azure, by creating a Virtual Network, a class 16 subnet (10.0.0.0/16), a virtual Gateway, a local Gateway, an Azure Public IP Address, a connection, and a VM with a NIC in the Azure Platform (to be used for an ADDS server in the cloud).
I created a Hyper-V lab with AD01 and WS01 with domain.com. I also did the following:
- Configured AD Sites and Services for the Azure site with the Azure subnet (10.0.0.0/24)
- I then added RRAS to my AD01.
- I configured all the Azure resources I needed and assigned the GW its own subnet (10.0.1.0/24)
- I created a new interface in RRAS to connect the VPN tunnel and connected both of them.
THAT part worked just fine.
- Once the VPN was connected, I created a VM in Azure for AD, called AD02.
I set AD02 to have a DNS Address to match AD01.
- I added ADDS to AD02 and went to promote the DC, but it failed to join the domain, because of the
error:
"Active Directory Installation Wizard
The wizard cannot access the list of domains in the forest. The error is:
The network path was not found."
I can resolve out to the on_prem DNS Server from inside Azure. I joined the local WS01 to the domain on_prem, so I know the SRV records are correct and the domain join functionality is present. It almost seems like there are ports being blocked or packets being dropped.
Only other bit of info is that this is on a home network, behind a modem/router/firewall, with 192.168.0.60 in the DMZ on the firewall, and the VPN connection is not terminated at the modem/router/firewall but at the RRAS server (AD01).
Abstract of network attached.
Anyone have any thoughts?
May 21 2017 07:47 AM
Hi Kurt,
can you please check whether you are able to telnet to port 53 and port 137?
Best
Sunit Patil
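An added example, not code from the thread, that covers both Kurt's suspicion of blocked ports and Sunit's telnet suggestion: a PowerShell check run on the Azure VM against the on-prem DC over the S2S tunnel. 192.168.0.60 and domain.com are taken from the first post; that 192.168.0.60 is the DC's LAN address is an assumption. One caveat worth knowing before reading the results: Windows serves the NetBIOS name service on UDP 137, so a TCP telnet to 137 never connects regardless of the firewall (139 is the TCP side), and "The network path was not found" during promotion usually points at SMB (445) or RPC (135 plus the dynamic range) rather than NetBIOS.

```powershell
# Added example, not from the thread. Run on the Azure VM that fails to promote;
# it probes the on-prem DC over the S2S tunnel.
$Dc     = '192.168.0.60'   # assumption: LAN address of the on-prem AD01/RRAS host from the post
$Domain = 'domain.com'     # lab domain named in the post

# TCP ports a domain join, DC promotion and replication need. Test-NetConnection
# only probes TCP, so UDP services (DNS 53, Kerberos 88, NTP 123, LDAP ping 389,
# NetBIOS name service 137) are not covered here.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 139;  Service = 'NetBIOS session (TCP side of NetBIOS; 137 is UDP only)' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB - SYSVOL/NETLOGON; closed => "network path was not found"' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS' },
    @{ Port = 3268; Service = 'Global Catalog' },
    @{ Port = 3269; Service = 'Global Catalog over SSL' }
)

$results = foreach ($p in $Ports) {
    $t = Test-NetConnection -ComputerName $Dc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Service = $p.Service; Open = $t.TcpTestSucceeded }
}
$results | Format-Table -AutoSize

# The SRV records the joining machine needs, asked of the DC directly so the
# answer cannot come from a public resolver.
foreach ($srv in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain") {
    Resolve-DnsName -Name $srv -Type SRV -Server $Dc -DnsOnly -ErrorAction Continue |
        Where-Object Type -eq 'SRV' |
        Select-Object Name, NameTarget, Port
}

# Locator-level check: this exercises DNS plus the LDAP ping on UDP 389 that a
# TCP probe cannot see. ERROR_NO_SUCH_DOMAIN here, with the ports above open,
# points at DNS rather than the tunnel.
nltest /dsgetdc:$Domain /force

# If everything above passes and promotion still fails, the remaining suspect is
# the RPC dynamic range (TCP 49152-65535 on Server 2008 and later), which the
# endpoint mapper on 135 hands out per service and which the firewall must allow.
```

Read the table with the post's symptom in mind: port 53 open with 445 or 135 closed reproduces "the wizard cannot access the list of domains" exactly, since DNS works but the SMB/RPC calls to the DC do not.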
May 21 2017 12:45 PM
I can telnet to port 53 from Azure AD01 to on_prem DC01. I cannot telnet to port 137.
May 21 2017 12:46 PM
However, I turned off NetBIOS in the NIC on DC01 per some instructions I read.
Let me turn it back on and see if that resolves the telnet to 137 issue.
May 22 2017 06:25 AM
Solution
Hi Kurt,
You said you created AD Sites and Services. Did you put the Azure AD01 into the other site you created on-prem?
May 22 2017 06:37 AM
Well, yes. About that. A couple things. First, I DID create a Site, I assigned the appropriate subnet, but I did NOT assign the server. Because there was no server called AD01 joined to the domain at the time I created the site.
Second, I did NOT try to join AD01 to the domain before I tried to install ADDS and DCPROMO it up. Why not? Dunno, just didn't. So, I blew away that server and re-created it. I joined it to the domain first (it worked), then I ran ADDS, then I DCPROMO'd it up, and BOOM! New AD DC and DNS server. I added the DNS server address hosted in Azure to the Virtual Network, rebooted both servers to get the new DNS address listed in the NICs, then... couldn't replicate from Azure to on_prem.
THEN I added the AD01 server to the Site I created in AD Sites and Services. At which point everything replicated and I became a happy camper. So, excellent point, JIDE, thank you.
While I fixed this issue myself, I will give you both credit, as both of you addressed two separate but valid issues you can have while trying to join across a VPN.
Thank you both for responding.
Kurt
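The fix JIDE pointed at and Kurt applied, as an added PowerShell example (not code from the thread): create the Azure site, attach the subnet, link it to the on-prem site, move the Azure DC's server object into it and verify replication. The site name and subnet come from the thread; the on-prem site name Default-First-Site-Name, the site link name, AD02 as the Azure DC's host name and domain.com as the domain are assumptions. It needs the RSAT ActiveDirectory module and Enterprise Admin rights for the site objects.

```powershell
# Added example, not from the thread. Run on a domain-joined admin box with the
# RSAT ActiveDirectory module; site objects need Enterprise Admin rights.
Import-Module ActiveDirectory

$Domain     = 'domain.com'              # domain from the thread
$SiteName   = 'Azure'                   # the site Kurt created in AD Sites and Services
$AzureCidr  = '10.0.0.0/24'             # subnet he attached to it
$OnPremSite = 'Default-First-Site-Name' # assumption: the on-prem site kept the default name
$AzureDc    = 'AD02'                    # assumption: host name of the DC promoted in Azure
$LinkName   = 'OnPrem-Azure'            # assumption: name for the new site link

# 1. Site and subnet. A DC (or client) whose address matches no subnet object is
#    treated as belonging to Default-First-Site-Name, and a DC promoted in that
#    state gets its server object created there.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$AzureCidr'")) {
    New-ADReplicationSubnet -Name $AzureCidr -Site $SiteName
}

# 2. Site link, so the KCC creates inter-site connection objects. 15 minutes is
#    the lowest allowed inter-site interval; cost only matters with more than two sites.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
    New-ADReplicationSiteLink -Name $LinkName -SitesIncluded $OnPremSite, $SiteName `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# 3. Move the Azure DC's server object into the Azure site: the step that made
#    replication start in the thread.
$dc = Get-ADDomainController -Identity $AzureDc
if ($dc.Site -ne $SiteName) {
    Move-ADDirectoryServer -Identity $AzureDc -Site $SiteName
}

# 4. Rebuild topology, push a full sync across sites, and check both directions.
repadmin /kcc $AzureDc
repadmin /syncall $AzureDc /AeP
repadmin /replsummary
Get-ADReplicationPartnerMetadata -Target $AzureDc -Scope Server |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult

# 5. Have the Azure DC re-register its DNS records now that it knows its site;
#    clients in 10.0.0.0/24 are then steered to it first by the site-specific SRV.
nltest /server:$AzureDc /dsregdns
Resolve-DnsName "_ldap._tcp.$SiteName._sites.dc._msdcs.$Domain" -Type SRV -Server $AzureDc |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port
```

Step 3 is the one Kurt did by hand in the GUI; the rest is what makes it stick, since without a site link the KCC has no reason to build a connection object between the two sites and replication stays one-way or stalls.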
May 22 2017 06:38 AM
Apparently I cannot have TWO best answers. Ah well.
Aug 07 2020 06:27 AM
Good day. I have an on-prem environment running on a Hyper-V hypervisor (Windows Server 2019) with two network adapters: one for Internet and one from my firewall (FortiGate).
I created a Domain on Prem and synchronized it with AD Connect to Office 365 for my users etc. I also synced my custom domain to Office 365 and on prem.
I then created a site-to-site VPN to Azure from on-prem and it is connected. My goal is to join the Windows 10 client I created in Azure to my on-prem domain, but I cannot due to DNS settings. I am able to ping the domain controller and its IP address and do an nslookup, and vice versa. My site-to-site VPN in the firewall has NAT enabled.
My Azure environment has two virtual networks that are peered to each other. One VNET has the VPN created in it; the other one is in another region, because I could not deploy resources or VMs in my VPN region (South Africa North), so I had to peer it for my VM to get connected. Please assist.
On prem configs:
IP Address: 10.70.20.20
DNS Server: 172.10.0.10
No DHCP, because it's connected to my on-prem network
Azure environment: VNET DNS SERVERS: 172.10.0.10
client vm ip : 10.1.0.4
DNS SERVER : 172.10.0.10
I have SRV records and DNS installed on-prem but still can't get the client to connect to my domain. Please assist.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "YASEEN-DC.YASEEN.LOCAL":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.YASEEN-DC.YASEEN.LOCAL
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
8.8.8.8
172.10.0.10
- One or more of the following zones do not include delegation to its child zone:
YASEEN-DC.YASEEN.LOCAL
YASEEN.LOCAL
LOCAL
. (the root zone)
PS C:\Users\yaseen.abrahams> ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

PS C:\Users\yaseen.abrahams> Get-DnsClientServerAddress

InterfaceAlias              Interface Address ServerAddresses
                            Index     Family
--------------              --------- ------- ---------------
Ethernet                            5 IPv4    {172.10.0.10, 8.8.8.8}
Ethernet                            5 IPv6    {}
Loopback Pseudo-Interface 1         1 IPv4    {}
Loopback Pseudo-Interface 1         1 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}

PS C:\Users\yaseen.abrahams> Resolve-DNSName yaseen.local

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
yaseen.local                                   A      600   Answer     208.91.112.55
yaseen.local                                   A      600   Answer     208.91.112.55

PS C:\Users\yaseen.abrahams> Resolve-DNSName _ldap._tcp.dc._msdcs.yaseen.local

Name          Type  TTL   Section    PrimaryServer           NameAdministrator         SerialNumber
----          ----  ---   -------    -------------           -----------------         ------------
yaseen.local  SOA   3600  Authority  yaseen-dc.yaseen.local  hostmaster.yaseen.local   45
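An added PowerShell example, not code from the post, for working through the DNS side of this join from the Azure client. Two things in the posted output drive it. First, the error text shows the join target as YASEEN-DC.YASEEN.LOCAL, the DC's host name, so the locator went looking for _ldap._tcp.dc._msdcs under a zone that does not exist; the domain to join is yaseen.local. Second, Resolve-DnsName without -Type asks for A/AAAA records, and a reply with only the zone SOA in the Authority section means the name is known but has no record of that type, which says nothing about the SRV record. The example queries SRV explicitly against every configured resolver and shows the resolver order per adapter (the error listed 8.8.8.8 before 172.10.0.10; the later output shows the reverse). yaseen.local, 172.10.0.10 and the adapter alias Ethernet are taken from the post.

```powershell
# Added example, not from the post. Run on the Azure Windows 10 client that
# fails to join; it checks the resolver chain the DC locator actually walks.
$Domain = 'yaseen.local'   # the AD domain to join (the post's error shows the
                           # DC's host name yaseen-dc.yaseen.local was used instead)
$DcIp   = '172.10.0.10'    # on-prem DC / DNS server from the post
$Srv    = "_ldap._tcp.dc._msdcs.$Domain"

# 1. Resolver list and order per adapter. A public resolver (8.8.8.8) anywhere
#    in the list can answer NXDOMAIN for .local, and the client caches that.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, InterfaceIndex, ServerAddresses

# 2. Ask every configured server for the SRV record explicitly. Without -Type,
#    Resolve-DnsName queries A/AAAA, which is why the post's query came back with
#    only the zone SOA in the Authority section (name known, no A record).
$servers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
    Sort-Object -Unique
foreach ($s in $servers) {
    try {
        $recs = Resolve-DnsName -Name $Srv -Type SRV -Server $s -DnsOnly -ErrorAction Stop |
                Where-Object Type -eq 'SRV'
        $targets = ($recs | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        '{0,-15} OK    {1}' -f $s, $targets
    } catch {
        '{0,-15} FAIL  {1}' -f $s, $_.Exception.Message
    }
}

# 3. Make the DC the only resolver for the joining adapter. On an Azure VM the
#    durable place for this is the VNet (or NIC) DNS setting, which Azure
#    delivers by DHCP; the in-guest change below is enough to test the join now.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $DcIp
Clear-DnsClientCache

# 4. Locator test with the domain name, not the DC name; then the join itself.
nltest /dsgetdc:$Domain /force
# Once nltest returns the DC, join with the domain name:
# Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart
```

If step 2 shows 172.10.0.10 answering with yaseen-dc.yaseen.local:389 while 8.8.8.8 fails, the records are fine and only the resolver list and the join target need correcting; if 172.10.0.10 also fails, check that the zone on the DC is AD-integrated and that the DC's Netlogon service has registered its records (nltest /dsregdns on the DC).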