Forum Discussion
Azure Active Directory Domain Services On-premises Workstation Join
- Aug 02, 2017
Hello Gian,
Microsoft is trying to help customers simplify their cloud networks by building more services in the cloud. Before AAD DS, many customers used to build AD DS VMs on Azure in order to provide LDAP/Kerberos, etc., authentication for specific requirements. So, MS has simplified this by implementing AAD DS, meaning you get two IP DNS sources that are, in effect, AD DS VMs unmanaged by you. This is designed for devices that are on your Azure virtual network. This being said, for on-premises devices to authenticate to AAD DS, you must have a point-to-point VPN tunnel and point the local devices to your AAD DS DNS IPs. But you should have a reliable network connection. As for AAD Connect (formerly DirSync), that's required for local AD DS synchronization to your AAD. Given that you prefer not having any local server resources, this would not apply in your case. Hope this helps.
Hi everyone,
I'm very familiar with MS Active Directory, having supported it since Windows Server 2003, but, now working for a small software business that is entertaining a full Cloud infrastructure but does not already run Active Directory in any shape or form, I started investigating what is described here by Microsoft as, effectively, "Active Directory as a Service".
https://azure.microsoft.com/en-gb/services/active-directory-ds/
Microsoft state in the above link:
"Use Azure Active Directory Domain Services to join Azure virtual machines to a domain, without having to deploy domain controllers. Sign in to the virtual machines using their corporate Azure Active Directory credentials and seamlessly access resources. Use Group Policy to more securely administer domain-joined virtual machines – a familiar way to apply and enforce security baselines on all of your Azure virtual machines."
Another quote:
"Take advantage of Azure Active Directory Domain Services features like domain join, LDAP, NT LAN Manager (NTLM) and Kerberos authentication, which are widely used in enterprises. Migrate legacy directory-aware applications running on-premises to Azure, without having to worry about identity requirements. Easily deploy line-of-business applications on Linux and Windows Server virtual machines on Azure. You don’t have to deploy domain controllers as Azure virtual machines or use a VPN connection back to your identity infrastructure."
So, if AAD DS is not a Cloud-based Active Directory that facilitates some traditional Domain management such as Group Policy (albeit via an Azure VM running Active Directory Administration Tools and joined to the AAD Domain) and other "on premise" AD functionality, including Windows 10 workstation AAD domain join without the need for building, deploying and maintaining Domain Controllers, what is it exactly?
Sid
- DerrickFl, Aug 15, 2017, Copper Contributor
Hi Sid,
No problem. Glad you have good observations too and yes I think we have identical ambitions for Azure Active Directory. Thank you for adding this up.
Cheers!