BLOG Published on 2017/10/22 by Asitha De Silva in Tech-Tips

Azure AD Domain Services | What’s New

Azure AD Domain Services is Active Directory Domain Services delivered as a managed service from Azure. It provides AD features such as domain join, Group Policy, LDAP and Kerberos/NTLM authentication as a managed domain in a pay-as-you-go model. Microsoft released Azure AD Domain Services in 2016 and has since improved it with new features.

For most organizations the cloud has become the underlying platform of their infrastructure. On Azure there are a number of SaaS applications available, so an organization can move its current applications to those; for example, people using Exchange on-premises can move to Office 365. You can also rewrite existing applications to run on Azure PaaS and leverage Azure AD: applications that use Kerberos or LDAP can be rewritten to support modern authentication mechanisms such as OAuth, OpenID Connect or REST-based APIs.

However, there are applications that cannot be moved to SaaS or rewritten to support Azure AD authentication. These legacy applications depend heavily on on-premises Active Directory, so if we move them to Azure we have to give them access to Active Directory in one of the following ways:

  • Deploy a site-to-site VPN between Azure and the on-premises AD DS, and keep maintaining the on-premises AD DS.
  • Deploy an additional domain controller in an Azure VM and replicate it with the on-premises domain controllers.
  • Deploy a stand-alone domain in an Azure VM.
  • Use Azure AD Domain Services.

What is Azure AD Domain Services?

Azure AD Domain Services provides domain services to your workloads. You can use it for domain join, deploying Group Policy, LDAP, authentication using Kerberos or NTLM, and managing users and groups. It is integrated into the Azure tenant, and because it is a managed service you do not need to worry about management duties such as patching or taking backups, and it is always highly available. With Azure AD Domain Services the following benefits can be achieved:

Simple
It is easy to implement with a few clicks and there is no management overhead like managing domain controllers: no patching or updates, no hardening of the domain controllers themselves and no regular backups required. It is integrated with the Azure tenant and Azure AD. Note that securing what you attach to the managed domain (the VMs you join, the Group Policy settings you apply and the accounts you delegate administration to) remains your responsibility.

Compatible
It is compatible with Windows Server: not all, but most of the features you use in an on-premises Active Directory environment can be used with the managed domain. It fully supports LDAP, Kerberos, NTLM, Group Policy and domain join. Apps that rely on these on-premises services keep working in the cloud after the move.

Available
It is a highly available system that applies the Azure HA concepts of fault domains and update domains, so that a single fault does not cause an outage. There are also regular automatic backups to make sure you do not lose anything.

Cost effective
It is a pay-as-you-go model, and the cost is based on the number of objects in the directory. No infrastructure needs to be managed, and a VPN is only needed for a hybrid deployment where an on-premises AD is maintained.


How Azure AD Domain Services work

Azure AD Domain Services works closely with Azure Active Directory. It has a sync service that synchronizes all of the users, groups and password hashes from Azure AD and makes them available in the managed domain; the sync is one-way, from Azure AD into the managed domain. After enabling Domain Services you have to select a virtual network. This is where the domain services will be available, and VMs in this virtual network, or in other virtual networks connected to it, can access Azure AD Domain Services. For cloud-only users, the NTLM and Kerberos password hashes the managed domain needs are only generated when the user next changes their password after Domain Services has been enabled, so existing cloud-only users cannot authenticate to the managed domain until they have done so.
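Before joining workloads to the managed domain, it is worth confirming from a VM in the selected virtual network that the domain is actually reachable and that a user's password hash has arrived. The following PowerShell is an added example, not code from the original post: the domain name, the domain controller IPs (the ones the Azure portal shows for the managed domain) and the user are assumptions, and it is meant to be run on a Windows VM that has not yet been domain-joined.

```powershell
# Added example: verify that a VM in the managed domain's virtual network can
# resolve, reach and authenticate against Azure AD Domain Services.
# Assumed values: the managed domain name and the two IPs Azure assigns to it.
$DomainName        = 'contoso.com'
$DomainControllers = '10.0.1.4', '10.0.1.5'

# Ports the managed domain must answer on for domain join and app logons.
$Ports = @{ DNS = 53; Kerberos = 88; LDAP = 389; SMB = 445 }

# 1. DNS: the virtual network's DNS servers must point at the managed domain
#    IPs, otherwise the SRV lookup that Kerberos and domain join rely on fails.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop
$srv | Select-Object NameTarget, Port, Priority | Format-Table -AutoSize

# 2. TCP reachability of every required port on every managed domain IP
#    (an NSG on the subnet or a missing vNet connection shows up here).
$results = foreach ($ip in $DomainControllers) {
    foreach ($svc in $Ports.GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $ip -Port $svc.Value -WarningAction SilentlyContinue
        [pscustomobject]@{ Server = $ip; Service = $svc.Key; Port = $svc.Value; Open = $t.TcpTestSucceeded }
    }
}
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Open }) { Write-Warning 'Some required ports are blocked.' }

# 3. Anonymous RootDSE read: allowed by AD, so it works before domain join and
#    confirms which naming context the managed domain serves.
$rootDse = [ADSI]"LDAP://$DomainName/RootDSE"
"Default naming context : $($rootDse.defaultNamingContext)"
"Serving DC             : $($rootDse.dnsHostName)"

# 4. Authenticated bind with a synced user. Negotiate (Kerberos/NTLM) with
#    sealing is used instead of a simple bind so the password is never sent in
#    clear over port 389. A failure here with correct credentials usually means
#    the user's password hash has not been synced to the managed domain yet.
$cred  = Get-Credential -Message "A user synced to $DomainName (DOMAIN\user or UPN)"
$auth  = [System.DirectoryServices.AuthenticationTypes]'Secure,Sealing'
$entry = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://$DomainName", $cred.UserName, $cred.GetNetworkCredential().Password, $auth)
try   { $null = $entry.NativeObject; "Bind succeeded as $($cred.UserName)" }
catch { "Bind failed: $($_.Exception.Message)" }
```

Step 4 is the one that distinguishes "the network works" from "the sync works": the RootDSE read succeeds for any reachable domain, but a Negotiate bind only succeeds once the managed domain holds the user's Kerberos/NTLM hashes.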

Hybrid Infrastructure

This is for environments with an on-premises Active Directory infrastructure. Azure AD Connect, the tool that synchronizes objects from on-premises Active Directory to Azure AD, is used to create the connection to Azure AD. It syncs users, groups, password hashes and other attributes. Once Azure AD is synced with the on-premises Active Directory, the Azure AD Domain Services sync service synchronizes the objects from Azure AD into the managed domain. This is a fully Microsoft-managed sync service; you do not have to worry about monitoring its health or managing the process. One caveat: the NTLM and Kerberos password hashes the managed domain needs are only synced by Azure AD Connect once Domain Services is enabled for the tenant, so for users that existed before you enabled it you typically have to force a full password hash sync (or wait for their next password change) before they can authenticate against the managed domain.



Features and Benefits

Azure AD Domain Services is a managed domain; it is not a replacement for on-premises Active Directory Domain Services. But it has benefits and features that will be useful depending on your requirements.

Benefits

  • Highly available domain
  • Version upgrades and patching are managed by Microsoft automatically
  • No overhead of monitoring health, replication or fault configurations
  • DR is built in and backups are taken automatically
  • Benefits from the fault-resilient features of Azure
  • The pay-as-you-go model saves the initial cost of deployment

Features

  • Simple and easy to implement
  • NTLM and Kerberos authentication
    Applications can use Windows integrated authentication
  • Domain join for computer accounts
  • Single sign-on / single password
    You can use the same password for Azure AD, on-premises systems and computers joined to the managed domain.
  • Integrated with Azure AD
    An automatic sync service regularly syncs users, groups and password hashes from Azure AD to the managed domain
  • Deploy Group Policy
    You can use the default Group Policy objects for computers or users, and custom policies can be enabled for custom organizational units.
  • Administration of DNS
    The same DNS management experience as on-premises
  • The same management experience as on-premises
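The Group Policy and OU features above are driven with the same RSAT tooling as an on-premises domain. The following PowerShell is an added example, not code from the original post: it assumes a management VM already joined to the managed domain with the RSAT ActiveDirectory and GroupPolicy modules installed, a session running as a member of the managed domain's AAD DC Administrators group (the group Azure AD Domain Services uses for delegated administration), and the domain DN, OU name, GPO name and computer name shown are placeholders.

```powershell
# Added example: create a custom OU for migrated application servers, attach a
# hardening GPO to it, and move a server in. Names below are assumptions.
Import-Module ActiveDirectory, GroupPolicy

$DomainDN = 'DC=contoso,DC=com'      # assumed managed domain
$OuName   = 'AppServers'             # assumed custom OU
$GpoName  = 'AppServers-Hardening'   # assumed GPO name
$Server   = 'APP01'                  # assumed migrated server already domain-joined
$OuDN     = "OU=$OuName,$DomainDN"

# The built-in AADDC Users / AADDC Computers containers are populated by the
# sync; custom OUs are where you place VMs that need your own policy.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -SearchBase $DomainDN)) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDN -ProtectedFromAccidentalDeletion $true
}

$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Baseline for migrated application servers'
}

# NTLMv2 only, refuse LM and NTLMv1 responses: the managed domain supports
# NTLM, but nothing migrated should be allowed to negotiate the weak variants.
Set-GPRegistryValue -Name $GpoName -Key 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' `
    -ValueName 'LmCompatibilityLevel' -Type DWord -Value 5 | Out-Null

# Require SMB signing on the client so SYSVOL and Group Policy downloads from
# the managed domain cannot be tampered with on the wire.
Set-GPRegistryValue -Name $GpoName -Key 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' `
    -ValueName 'RequireSecuritySignature' -Type DWord -Value 1 | Out-Null

# Link the GPO to the custom OU only; the default domain policy is left alone.
$inheritance = Get-GPInheritance -Target $OuDN
if (-not ($inheritance.GpoLinks | Where-Object { $_.DisplayName -eq $GpoName })) {
    New-GPLink -Name $GpoName -Target $OuDN -LinkEnabled Yes -Enforced Yes | Out-Null
}

# Move the migrated server under the OU so the policy applies at next refresh,
# then produce an RSoP report to confirm the two settings actually landed.
$computer = Get-ADComputer -Identity $Server
Move-ADObject -Identity $computer.DistinguishedName -TargetPath $OuDN
Get-GPResultantSetOfPolicy -Computer $Server -ReportType Html -Path "$env:TEMP\$Server-rsop.html"
```

Keeping policy on a custom OU rather than on the domain root matters here because the synced containers are managed for you; scoping the GPO this way also makes it obvious, in the RSoP report, which settings came from your baseline and which came from the managed domain's defaults.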


Pricing Details

Azure Active Directory Domain Services usage is charged per hour, based on the total number of objects in your Active Directory Domain Services managed domain, including users, groups, and domain-joined computers.

  • Support – Technical support through Azure support, starting at $29/month.
  • SLA – Guaranteed uptime of at least 99.9%.


Azure AD Domain services vs Active Directory Services on premise or in Azure VM’s

As I described earlier, there are a few differences between Azure AD Domain Services and conventional AD DS. Because it is a managed service, Azure AD Domain Services cannot behave exactly like the AD DS we are used to deploying, but depending on your organizational requirements you can decide which solution is most appropriate. The following table compares the features, but you should do a cost comparison too.


Features considering for future

According to Microsoft Ignite 2017, the following features are being considered for addition to the product soon:

  • Cloud solution provider support
  • Support for a single managed domain to span multiple virtual networks
  • Managed resource forests
  • Schema extensions
  • Support for LDAP writes

In a future post I will discuss how to enable and configure Azure AD Domain Services. I hope you now have a good understanding of Domain Services.


Cheers

Asitha De Silva


References

Microsoft Ignite 2017

Microsoft TechNet and docs.microsoft.com

Asitha De Silva

Consultant Cloud Solutions

Expert in architecting and implementing cloud-based infrastructure solutions.
