According to this Microsoft support doc, what I am trying to do is supported:
But I am unable to join a VM (Server 2016) to my AAD domain - even though Azure AD Domain Services associated with the domain has been set up successfully.
The above article suggests these troubleshooting steps:
- Ensure that the virtual machine is connected to the same virtual network as that you've enabled Domain Services in. If not, the virtual machine is unable to connect to the domain and therefore is unable to join the domain.
Done - the VM is active on the correct network and can ping other VMs successfully
- If the virtual machine is connected to another virtual network, ensure that this virtual network is connected to the virtual network in which you've enabled Domain Services.
This is not necessary, the VM is on the same network as Domain Services
- Try to ping the domain using the domain name of the managed domain (for example, 'ping contoso100.com'). If you're unable to do so, try to ping the IP addresses for the domain displayed on the page where you enabled Azure AD Domain Services (for example, 'ping 10.0.0.4'). If you're able to ping the IP address but not the domain, DNS may be incorrectly configured. You may not have configured the IP addresses of the domain as DNS servers for the virtual network.
I can not ping (no reply) the 2x DNS server IPs that were auto configured during Domain Services setup.
I also cannot resolve the domain (ping x.com) - it cannot be found.
The implication is that DNS is not running at the IP addresses that were auto configured and supplied via Domain Services setup, or that comms is not possible with these 2x DNS servers.