03-22-2019 05:59 AM
Yes, why do we need AD? This is a cloud solution and perfect for SMBs. I have been waiting for this service to come in Public Preview since we did not make it in the private one and got my email yesterday morning. Super excited, couldn't sign in fast enough to fire it up and test it out as we have had talks with customers about it. Followed the documentation and then went to create my pool and my excitement just drained away when an AD UPN and vnet was required to continue. What a let down. Just like the let down of the new security and compliance offers that are only available if you have M365 E3. Is anyone at Microsoft paying attention to SMBs? These products are a huge sell for them and for the first time they are not overpriced.
04-23-2019 10:28 AM
@Vladimir Stefanovic : The requirement is:
- an Azure Active Directory
- a Windows Server Active Directory that is in sync with it, which can be...
-- Windows Server Active Directory running on VMs, and synchronized to Azure AD with Azure AD Connect
-- Windows Server Active Directory running on VMs and federated to Azure AD
-- Azure AD Domain Services (which stands up a Windows Server Active Directory for you and lets you domain-join the machines)
05-15-2019 01:56 PM
12-05-2019 11:55 PM
we've been through this with a customer. they started up with classic on-prem AD w/AAD sync to Office365/Azure AD.
after a sync we broke this connection and made all users 'cloud only'.
then deployed Azure AD DS and created the 'application host group' with 2 Win10 w/o365
customer have now been running on this for 3 weeks.
and no its not as easy as it sounds in my description :p and we still have issues with outlook and signing even tough i think we got a break yesterday night. so overall it looks good.
remember that AAD --> AAD DS is oneway sync and your DC's are managed by engineers in US so you cant logon to them and cant access shares/sysvol and such. You cant move users out of the AADCusers group (e.g. no OU segmentation) and have to put all GPO's in one OU and use security filtering...