It’s been in preview for roughly a year, but Azure Active Directory Domain Services is now generally available. It definitely opens up some interesting integration between Azure IaaS and Azure AD, and is one of the considerations to take into account when planning out your Azure subscriptions and AAD namespace planning. It still currently is only exposed directly to classic virtual networks in Azure, but you can easily connect it to an ARM virtual network.

If you need more information on the virtual network requirements, take a look at Networking considerations for Azure AD Domain Services which covers Network Security Groups, subnets and port requirements, as well as having links to several other critical articles.

Now generally available, Azure Active Directory Domain Services general availability pricing will begin on December 1, 2016. The original pricing model, proposed during public preview, included three prices based on number of directory objects: 0–5,000, 5,000–25,000, and 25,000–100,000. Now we are combining the first two tiers into a single price point for all directories with under 25,000 objects and lowering the price by 25 percent. If your directory size is under 25,000 objects, you will continue to see usage listed against “S2 Domain Services Hours” on your invoice until December 1, 2016. After that, it will be renamed “S1 Domain Services Hours.” If your directory size is between 25,000 and 100,000 objects, you will see usage listed against “S3 Domain Services Hours” on your invoice until December 1, 2016, after which it will be renamed “S2 Domain Services Hours.” For more information, please visit the Azure Active Directory Domain Services Pricing webpage. To learn more about Azure Active Directory Domain Services, please visit the Azure Active Directory Domain Services webpage. Azure Active Directory Domain Services can provide scalable, high-performance, managed services such as domain-join, LDAP, Kerberos, Windows Integrated Authentication, and Group Policy support.