Can I configure Azure AD Domain Services with my domain.local forest

I am trying to set up Azure AD with Directory Services. I have everything configured fine using Domain Services tied to my VNET in Azure. I also have a site-to-site tunnel configured from my VNET to my office firewall. I also use Azure AD Connect to sync my Azure AD with Office 365.

My office365 and domain name configured in domain services is  My local domain at the office is domain.local. The problem I am running into is that when I change the VNET to use the DNS servers provided by Azure Domain Services, my server disconnects and is unreachable. I then have to change the DNS back to my office domain controller and reboot the Azure VM. I can then connect again.

My guess is this is happening due to the Azure domain being .com and my local domain being .local. Can anyone assist me with this? I want my Azure VMs in the VNET to be able to authenticate users from Azure AD in case the tunnel goes down. Can I do this with Azure Domain Services, or do I need to install another VM in the VNET as a domain controller to support the .local domain?

Jeff Perry, Director of IT, asked.

Emmanuel Adebayo, Global Windows Infrastructure Engineer - Consultant, commented:
If your internal Active Directory only uses a non-routable domain (for example, .local), this can't possibly match the verified domain you have on Office 365. You can fix this issue either by changing your primary domain in your on-premises Active Directory, or by adding one or more UPN suffixes.

Change your primary domain
Change your primary domain to a domain you have verified in Office 365, for example, Every user that has the domain contoso.local is then updated to Domain Rename is a very involved process; an easier solution is to add UPN suffixes, as in the following section.
Add UPN suffixes to your existing .local
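A scripted form of the UPN-suffix route described above, added here as an example rather than code from the thread. It assumes the ActiveDirectory RSAT module on a domain-joined admin host with Domain Admin rights, and uses contoso.local / contoso.com as placeholders for the existing forest name and the Office 365 verified domain.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory
# module, Domain Admin rights, and placeholder names below.
Import-Module ActiveDirectory

$LegacySuffix   = 'contoso.local'   # placeholder: existing non-routable forest name
$VerifiedSuffix = 'contoso.com'     # placeholder: domain verified in Office 365

# 1. Register the routable suffix on the forest (skips if already present).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $VerifiedSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{Add = $VerifiedSuffix}
}

# 2. Find users still carrying the non-routable suffix. Built-in accounts are
#    excluded so their UPNs are not silently rewritten.
$toFix = Get-ADUser -Filter "UserPrincipalName -like '*@$LegacySuffix'" `
                    -Properties UserPrincipalName |
    Where-Object { $_.SamAccountName -notin @('krbtgt', 'Guest', 'Administrator') }

# 3. Rewrite only the suffix; the left-hand part is kept so Azure AD Connect
#    matching is unchanged. -WhatIf previews the change; remove it to apply.
foreach ($u in $toFix) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + '@' + $VerifiedSuffix
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}

# 4. Report anything still on the old suffix so the result can be checked
#    before the next Azure AD Connect sync cycle.
Get-ADUser -Filter "UserPrincipalName -like '*@$LegacySuffix'" |
    Select-Object SamAccountName, UserPrincipalName
```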
Jeff Perry, Director of IT (Author), commented:
How difficult or complex is it to change your local forest from a .local to .com? If that is difficult, I already have a UPN for .com, which is how we sync to Office 365 right now. My issue is I want to use Azure AD Domain Services for my VMs in Azure. Would I have to change my local domain to make that work, or just add a VM domain controller to the Azure VNET environment?

These are the solutions I was thinking would have to happen; just looking for confirmation.

Jeff Perry, Director of IT (Author), commented:
Also, as I said, we have the UPN and all local users are configured already with that UPN, if that would make the local domain change any easier.
Emmanuel Adebayo, Global Windows Infrastructure Engineer - Consultant, commented:
Since you have the UPN set up already, just add the VM domain controller to the Azure VNET environment.
Yes, if your local users are configured with the .com UPN, that would make it much easier than changing the forest domain.
