Fully support AzureAD Join with AzureADDS regarding Kerberos
In a classic hybrid scenario (ADDS DCs synched with AzureAD), AzureAD joined devices get a Kerberos ticket from a DC if a DC is reachable through the network.
When doing the same thing using AzureAD and AzureAD Domain Services, AzureAD joined Devices never get a Kerberos Ticket from AzureAD Domain Services since this is currently not supported. (Case 116070414368551)
Regarding AzureAD Join, it would be very useful if AzureAD Domain Services would behave similarly to classical ADDS DCs and deliver Kerberos tickets to AzureAD Joined devices.
Mike Stephens commented
AAD DS is an extension of AAD that provides support for legacy applications that use Kerberos, NTLM, LDAP, and other legacy protocols. The use case you describe involves federating Azure AD DS, which is not in scope for Azure AD DS and implies Azure AD DS replacing on-premises AD DS. That is not the case. Azure Active Directory is the eventual replacement for on-premises Active Directory, and Azure AD Domain Services provides legacy protocol support for apps that still need Kerberos, NTLM, or LDAP.
Senior Program Manager
Azure Fabric | Domain Services