Microsoft Security | Microsoft Entra | Other
Additional Microsoft Entra services and features related to identity, access, and network security
There is no way to tell if it is in use? a report or a log?
Microsoft Entra Domain Services - in resource group, is it being used for anything or can it be removed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 4%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWB%3C/text%3E%3C/svg%3E)
William Beeley
20
Reputation points
The specific resource group contains cciproducts.com that is type Microsoft Entra Domain Services. I am not sure if this is actually being used for anything? How can we be sure before we remove it?
Microsoft Security | Microsoft Entra | Other
2 answers
Sort by: Most helpful
-
AI answer
2026-05-21T11:18:03.61+00:00 The highlighted
cciproducts.comresource is the Microsoft Entra Domain Services managed domain for the tenant. It provides domain join, LDAP, Kerberos/NTLM, and Group Policy to workloads in the associated virtual network(s). It also continuously syncs users, groups, and credential hashes from Microsoft Entra ID.There is no built‑in way to “pause” or temporarily disable this service to test whether it is used. The only way to stop billing is to delete the managed domain, and deletion is permanent.
To assess whether it is still needed before deleting:
- Identify dependent workloads
- Check for any Azure VMs (Windows or Linux) joined to this domain (for example, joined to
cciproducts.com) and using it for sign‑in. - Check any applications that rely on LDAP, Kerberos/NTLM, or Group Policy via this domain (for example, legacy line‑of‑business apps, file servers, or app servers migrated from on‑premises AD DS).
- Review DNS settings on VNets/subnets that might point to the Domain Services IPs.
- Check for any Azure VMs (Windows or Linux) joined to this domain (for example, joined to
- Validate impact of removal
- If the managed domain is deleted:
- Domain controllers are deprovisioned and removed from the VNet.
- All data in the managed domain (custom OUs, GPOs, DNS records, service principals, gMSAs, etc.) is permanently deleted.
- Any machines joined to the managed domain lose their trust relationship and can no longer be accessed with corporate domain credentials; only local admin accounts will work until they are unjoined and reconfigured.
- If the managed domain is deleted:
- If confident nothing depends on it
- Sign in to the Microsoft Entra admin center as a Global Administrator.
- Go to Microsoft Entra Domain Services → select the
cciproducts.commanaged domain → Overview → Delete. - Confirm by typing the domain name and complete deletion. It can take 15–20 minutes or more.
If there is any doubt about dependencies (for example, unknown VMs or legacy apps), do not delete the managed domain until those dependencies are fully inventoried, because the deletion cannot be reversed.
References:
- What is Microsoft Entra Domain Services?
- Frequently asked questions (FAQs) about Microsoft Entra Domain Services
- Delete a Microsoft Entra Domain Services managed domain
- Known issues: Common alerts and resolutions in Microsoft Entra Domain Services
- Common use-cases and scenarios for Microsoft Entra Domain Services
- Microsoft Entra service description
AI-generated content may be incorrect. Read our transparency notes for more information. - Identify dependent workloads