-1

I found this question, Creating a multi-tenant AD environment, and per it in 2014 this wasn't possible. However, I'm new to Azure and maybe it's changed. Can you have multiple, separate directories within a single Azure tenant? I have a client that has subclients that each receive their own servers. I want the subclients to have their own directory without having to give them their own tenant.

Thanks, Brandon

Brandon
  • That question referenced is not at all what you are asking about (at least according to your answer). Azure AD is not the same as AD. You can always host any number of servers in Azure running any number of roles. – Jim B May 11 '18 at 19:25

2 Answers

1

I think I've found the way to do this, and would love comment from anyone that has. There is an Azure AD Domain Services offering that can be set up to create AD infrastructures independent from the tenant's.

https://azure.microsoft.com/en-us/services/active-directory-ds/

Brandon
  • So you don't want separate AAD units you just want individual AD's owned by the same parent – Jim B May 11 '18 at 19:15
  • I was planning at first to have separate AAD units. So different directories within Azure AD but under the same tenant. This is what I can't find a way to do. However, the end goal is just to have separate directories that don't touch. I didn't know there was an AD DS PaaS offering that was separate from Azure AD, which I think will give me the result I want without having to spin up a lot of independent virtual machines and install AD on them all. – Brandon May 11 '18 at 19:47
0

Azure AD DS won't do what you want. Firstly you can only have 1 instance of AAD DS, secondly, AAD DS replicates the data from AAD. You can add users to AAD DS directly, but unless they are in the right location you won't see them in AAD.

It's not overly clear what you want to achieve here, but in reality with AAD, the only way you will do this is to have a Tenant for each client, or have all clients share one Tenant (and the possible security issues that go with that). If you have a Tenant per client, you can still add users from another Tenant, so if your concern is adding management or support users from your Tenant, you can still do this.

Sam Cogan
  • Thanks all. That's what I feared but my boss told me he thought it could be done so wanted to do some due diligence before I went back to him. – Brandon May 13 '18 at 14:54