Forum Discussion
Gaston NDOUMBE
Jan 17, 2018
Copper Contributor
Question on Azure Active Directory Premium
Hello Team
I have a customer that has a project on implementing Active Directory on premises, but there is a delay on getting the hardware and now there is this idea coming up of implementing an...
Anders Eide
Jan 18, 2018
MVP
Hi!
This is absolutely feasible!
You would first deploy new Windows Servers using the Azure IaaS offering, and then extend the virtual network to on-premises using a site-to-site VPN configuration.
Please have a look at this document
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-deploying-ws-ad-guidelines
/Anders
Anders Eide
Jan 18, 2018
MVP
Sorry, completely missed your question in my first reply!
Yes, it’s possible, but it does also require some more tricks.
If you create the users in local AD after you have created them in Azure AD, then Azure AD Connect will join them on first sync as long as UPN, mail and proxyAddresses attributes match. That requirement is something you can achieve with a simple PowerShell script.
Regarding the computer objects, it’s a bit of a different story. Here I would recommend implementing device writeback together with Windows Hello for Business. This requires Windows 10, and done right, combined with Intune for device management, you will have a very good, future-proof and enterprise-ready solution!
Gaston NDOUMBE
Jan 19, 2018
Copper Contributor
Hello Anders
Please let's make some simple things clear for me. Can you integrate a machine which is not Windows 10 (Windows 7, 8) in an Azure AD Premium domain?
Anders Eide
Jan 19, 2018
MVP
Hi!
You can only join Windows 10 devices to Azure AD, so no Windows 7/8/8.1. That would require Active Directory Domain Services.
https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction#azure-ad-joined-devices
If you need support for pre win 10, maybe my first response wasn’t that far off after all :)
/Anders
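The matching requirement from the Jan 18 reply in this thread (UPN, mail and proxyAddresses must agree before Azure AD Connect's first sync) can be checked before any local account is created. The following is an added example, not code from the thread: the function name `Compare-SyncMatchAttributes`, the `contoso.example` users and both input lists are constructed for illustration and stand in for exports from each directory.

```powershell
# Constructed sample data: users already in Azure AD vs. accounts planned for local AD.
$cloudUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; Mail = 'alice@contoso.example'
        ProxyAddresses = @('SMTP:alice@contoso.example', 'smtp:a.smith@contoso.example') }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; Mail = 'bob@contoso.example'
        ProxyAddresses = @('SMTP:bob@contoso.example') }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; Mail = 'carol@contoso.example'
        ProxyAddresses = @('SMTP:carol@contoso.example', 'smtp:c.jones@contoso.example') }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example'; Mail = 'dave@contoso.example'
        ProxyAddresses = @('SMTP:dave@contoso.example') }
)
$plannedAdUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; Mail = 'alice@contoso.example'
        ProxyAddresses = @('SMTP:alice@contoso.example', 'smtp:a.smith@contoso.example') }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; Mail = 'robert@contoso.example'
        ProxyAddresses = @('SMTP:bob@contoso.example') }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; Mail = 'carol@contoso.example'
        ProxyAddresses = @('smtp:carol@contoso.example', 'SMTP:c.jones@contoso.example') }
)

function Compare-SyncMatchAttributes {
    param([Parameter(Mandatory)] [object[]] $CloudUsers,
          [Parameter(Mandatory)] [object[]] $LocalUsers)
    $localByUpn = @{}   # hashtable keys compare case-insensitively
    foreach ($u in $LocalUsers) { $localByUpn[$u.UserPrincipalName] = $u }
    foreach ($c in $CloudUsers) {
        $l = $localByUpn[$c.UserPrincipalName]
        $problems = @()
        if (-not $l) {
            $problems += 'no local account with this UPN'
        } else {
            if ($c.Mail -ne $l.Mail) { $problems += "mail: cloud '$($c.Mail)' / local '$($l.Mail)'" }
            # Case-sensitive on purpose: 'SMTP:' marks the primary address, 'smtp:' an alias.
            $onlyCloud = @($c.ProxyAddresses | Where-Object { $_ -and $l.ProxyAddresses -cnotcontains $_ })
            $onlyLocal = @($l.ProxyAddresses | Where-Object { $_ -and $c.ProxyAddresses -cnotcontains $_ })
            if ($onlyCloud) { $problems += "proxyAddresses only in cloud: $($onlyCloud -join ', ')" }
            if ($onlyLocal) { $problems += "proxyAddresses only in local: $($onlyLocal -join ', ')" }
        }
        foreach ($p in $problems) {
            [pscustomobject]@{ UserPrincipalName = $c.UserPrincipalName; Problem = $p }
        }
    }
}

$report = Compare-SyncMatchAttributes -CloudUsers $cloudUsers -LocalUsers $plannedAdUsers
$report | Format-Table -AutoSize -Wrap
```

An empty report means every cloud user has a planned local counterpart with the same three attributes; any row is worth resolving before the first sync.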