trying to setup LDAPS

Copper Contributor


Not sure if I am in the correct conversation channel.

We have Office365. 50% of our users are on premise, synced with Azure AD sync (formally dirsync) and 50% are cloud users. Everyone is therefore on Azure AD.

We want to setup LDAPS on Azure to allow authentication from an external authorised VPN server for all our users.

We followed the intructions from but when we hit Task 3, we found out that there is no default Azure Domain Services.

Is it normal or are there additional steps?

Is setting up LdapS when only using Office365 possible? if yes, are we following the correct documentation?

We are scared to manually add the AD Domain Service in Azure for our domain name, if it was not there, as it might screw up all our Office365 users and credentials


Could someone please put us in the right direction? Thanks in advance

5 Replies

You need to log into the Azure portal with your tenant admin credentials,

then go to all services (top left) then type in "domain" you will see "azure AD domain services"

You will then need to "create azure ad services"

This will not affect office 365

Thanks Mitch
Yes, I realised that we need to create the AD services, but we do not know if it will create a separate AD, or/and take over the one that contain all our Office365 users (some synced one way from premise, some on the cloud only)
Thanks Mitch

So, adding the AD domain will just make ldap available to be able to authenticate our current users that are on Office365? It will not create it own AD (with separate users/groups) or/and take over the users on Office365?
Still nervous!

Absolutely, here is a screenshot of my domain services as you can see there are no users or groups settings here as they are already synchronised from on-premises. Think of it as an extension to AAD that can have VM's joined to it, or LDAPS enabled, the user accounts are totally separate and my O365 is operating fine after enabling this. Note: if you already have Azure subnets and networks with virtual machines configured you will need to decide which subnet this is going to be on...