Azure Domain Services Allow DHCP Authorization
Could you grant AAD DC Administrators DHCP Authorization rights so we can set up a DHCP server on a non-domain server and still have it register with DNS / AD records?
Currently this is blocked.
Mike you are completely inconsiderate. Please see Grumpy old man's comment and put your brains back into your head, you may be needing them... "we have not considered use case".
BSN Ben commented
We have a small set up and would like to use Azure AD as the identity authority.
There are some devices that can benefit from domain services but a formal domain is not deployed. The on-premise network needs domain services and the PaaS model of Azure AD DS is attractive.
Extending the Azure AD identity boundary to Azure AD DS in a downward flow to provide domain services to LAN equipment on premise is appealing, instead of deploying a full domain and then syncing Azure AD to it.
The goal would be to have an internal VNET that provides all domain services, provided by Azure AD DS. Branch offices would then connect to the VNET and provide shared domain services dispersed to all offices. It would also support Spokes in Azure.
A typical case would be to allow Azure AD DS to provide a Zone Transfer to a local firewall that provides normal network services for the office. The firewall already uses Azure AD DS services like LDAP for authentication.
The on-premise DHCP server can then provide DNS updates to Azure AD DS.
Grumpy Old Man commented
A use case could be an on-site DHCP server registering client A and PTR records to Azure AD DNS.
Mike Stephens commented
The Azure Virtual Network assigns IP addresses to the devices on the virtual network. DHCP is not a use case we've considered and most likely would not. But I'm curious about the use case/scenario. We'll mark this Need-Feedback for the time being. If someone wants to build a compelling case, I'm willing to read about it.
Senior Program Manager
IAM Core | Domain Services