Can I run a domain controller on an Azure VM?
Yes, fully supported by Microsoft. You need a few specific settings, otherwise you get strange replication and performance issues.
Try this first
1. VM size: pick a D-series or E-series with premium SSD for the OS disk and a separate data disk for NTDS.dit, SYSVOL and logs.
2. Disable host caching (write caching) on the NTDS disk. DCs expect write-through; with caching enabled you can get USN rollback on crashes.
3. Static IP via the Azure NIC, not in Windows. In Azure the IP is set at VNet level; setting it inside Windows loses the proper DNS config.
4. VNet DNS settings: set the DC itself as primary DNS for the VNet, plus a second DC somewhere (cloud or on-prem via VPN/ExpressRoute).
5. Backup and patching: as on-prem, but via Azure Backup (System State or VM-level). Don't rely on Azure snapshots alone.
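
A read-only check of the disk caching, static IP and VNet DNS steps above, written with the Az PowerShell module. This is an added example, not part of the original page; the resource group, VM, VNet and disk names are placeholder assumptions.

```powershell
# Added example: read-only audit of an Azure-hosted DC. Needs the Az module and Connect-AzAccount.
# All four names are placeholders (assumptions), not values from this page.
$rg       = 'rg-identity'
$vmName   = 'dc01'
$vnetName = 'vnet-identity'
$ntdsDisk = 'dc01-ntds'   # data disk holding NTDS.dit, SYSVOL and logs

$vm       = Get-AzVM -ResourceGroupName $rg -Name $vmName
$findings = @()

# Host caching on the AD data disk must be None.
$disk = $vm.StorageProfile.DataDisks | Where-Object { $_.Name -eq $ntdsDisk }
if (-not $disk) {
    $findings += "Data disk '$ntdsDisk' is not attached to $vmName."
} elseif ("$($disk.Caching)" -ne 'None') {
    $findings += "Host caching on '$ntdsDisk' is '$($disk.Caching)'; expected None."
}

# Every private IP on the VM's NICs must be Static at the Azure level.
$dcIps = @()
foreach ($ref in $vm.NetworkProfile.NetworkInterfaces) {
    $nic = Get-AzNetworkInterface -ResourceId $ref.Id
    foreach ($ipc in $nic.IpConfigurations) {
        $dcIps += $ipc.PrivateIpAddress
        if ("$($ipc.PrivateIpAllocationMethod)" -ne 'Static') {
            $findings += "NIC '$($nic.Name)' IP $($ipc.PrivateIpAddress) is not Static."
        }
    }
}

# VNet DNS: this DC first, and at least one more server behind it.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$dns  = @($vnet.DhcpOptions.DnsServers | Where-Object { $_ })
if ($dns.Count -eq 0) {
    $findings += "VNet '$vnetName' has no custom DNS servers (Azure-provided DNS in use)."
} else {
    if ($dcIps -notcontains $dns[0]) {
        $findings += "Primary VNet DNS $($dns[0]) is not this DC ($($dcIps -join ', '))."
    }
    if ($dns.Count -lt 2) { $findings += "Only one VNet DNS server; add a second DC." }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "$vmName matches the disk caching, static IP and VNet DNS settings." }
```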
When to bring us in
For hybrid setups: deploy VPN or ExpressRoute to on-prem and place the Azure DC in its own AD Site with appropriate link cost. Otherwise it skews client locator choices.
See also
- One DC or two DCs for an SMB office? Two is almost always the right answer; one DC is a single point of failure for logon, DNS and GPOs.
- Should I split FSMO roles across two DCs? For a small domain all on one DC is fine; with two DCs splitting is tidier but not required.
- How do I know my AD replication is healthy? Replication errors creep in silently; they only surface when logins or GPOs misbehave.