Accelerate your move to the cloud with new capabilities in Azure AD Domain Services
Published Mar 15 2021 09:00 AM

Howdy folks!  


New capabilities in Azure Active Directory Domain Services will make it easier for you to move your legacy, on-premises apps to the cloud. The additional capabilities in our managed domain services solution include geo redundancy, faster sync, and resource forests. 



Geo-redundancy enhances performance and disaster recovery

Geo-redundancy is a must for large, geographically dispersed organizations with mission-critical applications. With the general availability of replica sets, you can now create a replica domain controller set for your managed domain in up to four additional regions. With replica sets, your Azure AD Domain Services applications gain enhanced performance and disaster recovery for your business by adding geo-redundancy in different regions.  




Diagram of Azure AD Domain Services replica set with two regions. 

For most Azure AD Domain Services customers, adding another replica is a quick experience. To learn more about replica sets and how to deploy your own, visit our documentation.



Synchronization speed increases for multiple cores

When managing hybrid identity, you want to know you have the least latency possible between on-site changes and cloud-authenticated updates. To improve this experience, we’ve made changes to the synchronization engine between your managed domain and Azure AD. 


We’ve made the following changes to every Azure AD Domain Services-managed domain that is on a resource manager virtual network: 


  • Three new attributes: CompanyName, Manager and EmployeeID are now available attributes on user objects in your managed domain.  
  • Faster initial sync and incremental updates: Performance testing reveals our new sync engine delivers significantly faster synchronization than the previous service. The upgraded service leverages multiple cores to sync memberships in parallel, resulting in the greatest performance gains for those customers with more cores. 


To learn more about synchronization for Azure AD Domain Services, visit our documentation.  



Resource forest makes it easier to move legacy protocols onto Azure 

You can now create a resource forest-based managed domain without password hash synchronization. In a resource forest, user objects and credentials exist in the on-premises Active Directory Domain Services forest, while still enabling you to lift your resources that use legacy authentication protocols onto Azure. This is great for customers who use smartcards to sign in to their applications. 



Diagram of an Azure AD Domain Services resource forest.  

When determining whether to create a user forest or a resource forest, we recommend the following guides and resources to help you decide:
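The two architectural pieces described above, replica sets in additional regions and a resource forest that trusts an on-premises forest instead of synchronizing password hashes, can both be expressed in one Azure Resource Manager definition of the managed domain. The template fragment below is an added illustration and is not from the original post or from Microsoft's documentation; the domain name, resource group, virtual network and subnet IDs, regions and the apiVersion are assumptions, and it assumes an Enterprise or Premium SKU, which replica sets and resource forests require. Check the property names against the current Microsoft.AAD/domainServices schema before deploying.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.AAD/domainServices",
      "apiVersion": "2021-05-01",
      "name": "aadds.contoso.example",
      "location": "westus",
      "properties": {
        "domainName": "aadds.contoso.example",
        "sku": "Enterprise",
        "domainConfigurationType": "ResourceTrusting",
        "filteredSync": "Disabled",
        "replicaSets": [
          {
            "location": "westus",
            "subnetId": "/subscriptions/<subscription-id>/resourceGroups/rg-aadds/providers/Microsoft.Network/virtualNetworks/vnet-aadds-westus/subnets/aadds-subnet"
          },
          {
            "location": "eastus",
            "subnetId": "/subscriptions/<subscription-id>/resourceGroups/rg-aadds/providers/Microsoft.Network/virtualNetworks/vnet-aadds-eastus/subnets/aadds-subnet"
          }
        ],
        "domainSecuritySettings": {
          "ntlmV1": "Disabled",
          "tlsV1": "Disabled"
        }
      }
    }
  ]
}
```

The first entry in `replicaSets` is the primary replica set and matches the resource's `location`; each additional entry needs a virtual network in that region, peered to the others, and the domain's DNS settings must resolve across the peering. `domainConfigurationType` set to `ResourceTrusting` creates the resource forest, so no password hashes are synchronized into the managed domain; the outbound forest trust to the on-premises forest is configured separately and is not shown here. Disabling NTLMv1 and TLS 1.0 is an assumed hardening choice that is independent of either feature.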



And as always, join the conversation in the Microsoft Tech Community and send us your feedback and suggestions. You know we’re listening!  


Best regards, 


Alex Simons (@Alex_A_Simons) 

Corporate VP of Program Management 

Microsoft Identity Division 

Last update: Aug 19 2021 04:22 PM