Azure Active Directory Domain Services Creation issue

I hit the exact same problem today. I found I need to set the DNS servers of my VNET to the IP addresses of the AADDS replica set… but I can’t create the AADDS (or any replica sets) until the VNET exists in which to create it. Chicken and egg…

However, looking at this pull request, it seems that the azurerm_virtual_network_dns_servers resource was created for this very reason. It splits out the creation of the VNET and the setting of its DNS IP addresses, allowing us to create the AADDS instance in between.

Unfortunately, the example shown on the official documentation of the azurerm_active_directory_domain_service does not include the setting of the VNET DNS servers. This means that, for anyone following that example, any other VMs created in the same VNET will be unable to join to the domain due to DNS resolution failures. This is despite that Pull Request from above explicitly stating that:

The DNS servers for both vnets must be set to use the IP addresses of the domain controllers belonging to the initial replica set

I feel this is a documentation bug, so I will raise this as an issue on the azurerm GitHub.
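
The ordering described in this post, written out as an added Terraform example (not the poster's code and not the official documentation example). Resource names, address ranges and the domain name are placeholders. The network security group rules and service principal registration that AADDS also needs are assumed to be managed elsewhere in the configuration.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "aadds" {
  name     = "example-aadds-rg" # placeholder
  location = "westeurope"       # placeholder
}

# Step 1: create the VNET without custom DNS servers.
# Leave dns_servers unset here; it is managed by the separate resource in step 3.
resource "azurerm_virtual_network" "aadds" {
  name                = "example-aadds-vnet"
  location            = azurerm_resource_group.aadds.location
  resource_group_name = azurerm_resource_group.aadds.name
  address_space       = ["10.0.0.0/16"] # placeholder range
}

resource "azurerm_subnet" "aadds" {
  name                 = "aadds-subnet"
  resource_group_name  = azurerm_resource_group.aadds.name
  virtual_network_name = azurerm_virtual_network.aadds.name
  address_prefixes     = ["10.0.1.0/24"] # placeholder range
}

# Step 2: create the domain service inside the existing subnet.
resource "azurerm_active_directory_domain_service" "aadds" {
  name                = "example-aadds"
  location            = azurerm_resource_group.aadds.location
  resource_group_name = azurerm_resource_group.aadds.name
  domain_name         = "aadds.example.com" # placeholder domain
  sku                 = "Standard"

  initial_replica_set {
    subnet_id = azurerm_subnet.aadds.id
  }
}

# Step 3: point the VNET's DNS at the domain controllers of the initial replica set.
# VMs that must join the domain should depend on this resource.
resource "azurerm_virtual_network_dns_servers" "aadds" {
  virtual_network_id = azurerm_virtual_network.aadds.id
  dns_servers        = azurerm_active_directory_domain_service.aadds.initial_replica_set[0].domain_controller_ip_addresses
}
```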