Knowledge Base

---

Search by either entering keywords/KB_ID or by selecting a category.

KB ID: 5947

Product: WS5020 IoT 2019

Join a WS5020 IoT to Microsoft Entra Domain Services (Azure AD DS)

Last Updated: 09/08/2025

Applies to TeraStation WS5020 IoT series

Prerequisites
•    Deployment: Microsoft Entra Domain Services (formerly Azure AD DS)  is deployed in an Azure Virtual Network (VNet).
•    Network Connectivity: Establish a secure connection (e.g., Site-to-Site VPN) between your on-premises network and the Azure VNet hosting Azure AD DS.

Reference
Tutorial: Create and configure a Microsoft Entra Domain Services managed domain
Tutorial: Create a site-to-site VPN connection in the Azure portal

Ensure Network and Time Synchronization
1.    Ensure the NAS uses DNS servers capable of resolving the Azure AD DS domain (either via on-prem DNS with conditional forwarding or by directly using Azure AD DS DNS IPs).

2.    Ensure the NAS synchronizes time with the same NTP servers used by Azure AD DS (e.g., time.windows.com). This prevents Kerberos authentication issues.

Join the NAS to Azure AD DS

1.    Open Server Manager > Local Server.  Click Workgroup.
 
2.    Click Change.

3.    Select Domain and enter your Azure AD DS domain name.

4.    Provide credentials for an account synchronized to Azure AD DS (e.g., a user in the Azure AD DC Administrators group).

 
5.    Restart the server when prompted.

Troubleshooting:
•    Ensure the site-to-site VPN is operational and the on-premises server can communicate with the Azure VNet hosting Azure AD DS.
•    Test connectivity using "Test-NetConnection" Powershell command or ping to an Azure VM in the same VNet (if applicable).