Oct 12 2021 06:52 AM
Oct 12 2021 06:52 AM
one of our customers has just adopted a new on-prem Hyper-V host running Windows Server 2019. It will be used to run a few VMs such as a SQL Server, an application server and a small RDS farm (for which Active Directory is required to enable full RDS functionality based on my knowledge).
Currently our customer has no existing on-prem infrastructure in place. In fact, all users have an Office 365 license and their computers are joined to Azure AD.
I am seeking technical advice in order to check whether:
1) It is possible to join the new VMs to Azure AD in a way that Azure AD can actually be the complete replacement to the on-prem AD (which i doubt)
2) It is not possible to completely replace the on-prem AD and join the new VMs to Azure AD. As a result, at least one domain controller will need to be implemented on-prem along with the other VMs on the new Hyper-V host
Unfortunately, running the new VMs in the cloud is not currently an option.
Any help will be greatly appreciated.
Thanks and Regards,
Oct 30 2021 11:34 PM - edited Oct 30 2021 11:39 PM
You might want to consider Azure Active Directory Domain Services (AAD DS), rather than just the baseline Azure Active Directory (AAD). It's not exactly what you asked for in being a singular replacement using AAD (read the commentary about one-way replication and that the identities are separate to AAD), but it will allow you to achieve your stated goal of not running Active Directory on-premise.
This will allow you to run the infrastructure you quoted (noting RDS in particular) without having to actually run Active Directory on-premise.
There are more options - technical and commercial, but in the interest of starting out simple, AAD DS may be worth your while looking into.
Edited to include the following article that specifically discusses RDS in an AAD DS context:
Nov 07 2021 11:51 PM
thank you very much for taking the time to read my post and provide me with your thoughts. It is very much appreciated.