Azure Active Directory Domain Services

Almost a year ago Microsoft announced Azure Active Directory Domain Services in preview (and it is still in preview). Before releasing this service you needed to deploy domain controllers in Azure or have a site-to-site VPN (from on-premises to Azure) contacting on-premises domain controllers to use services in the cloud relying on active directory and related servics. With the release of Azure AD Domain Services you now have a cloud-based identity solution which allows you to manage users and groups without deploying domain controllers.

When you enable this service, two domain controllers are automatically setup in you environment for high-availability, but you don`t have to pay for these two domain controllers (VM`s), you pay for the service per hour (see this site for the pricing). As you can not login directly to these domain controllers, you don`t have to worry about managing these domain controllers like you have to do with on-premises domain controllers or domain controllers deployed by yourself in Azure, Microsoft does it for you. It is really Active Directory as a service.

When the two domain controllers are up-and-running you can manage Active Directory by joining a Windows Server Virtual Machine hosted on Azure to the domain you setup AD Domain Services for. Just add the required management features to the server and you are able to manage the environment via Active Directory Users and Computers or Group Policy Management. All your users and groups which are available in Azure AD/ Office 365, from now can also be found in ADUC.
Note that managing the AD and policies are very basic at this moment. You are not a Domain Admin and you have limited rights on the AD. You are allowed to manage the existing Group Policies, but at this moment, you are not allowed to create your own GPO`s unfortunately.

You are now able to deploy VM`s (Windows or Linux) running an application which rely on Active Directory to the cloud without deploying domain controllers to the cloud. Access control can be done by Azure AD Domain Services. You don`t have to use different user accounts from another cloud provider which hosts your application, you just use the same user accounts already present in Azure/ Office 365. Another example is running an FTP server on IIS deployed on an Azure VM. Setup the required user rights on the FTP folder based on the AD groups/ users and your users only have to remember just one set of credentials.

Some functionalities Azure AD Domain Services provides:

Join servers to a domain (Windows and Linux)
Use (basic) Group Policies
Create custom organizational units (OU`s)
Use Kerberos/ NTLM
Support for secure LDAP
Administer DNS on the managed domain

For now Azure AD Domain Services is still in preview and some functionalities, like managing Group Policies, are very basic. But I expect the functionalities will be increased in the future.

For further information and pricing you can visit this website of Microsoft.

Azure AD shows all devices

Intune MAM Conditional Access update

Intune Mobile Application Management

Hide the “Turn on an ad privacy feature” pop-up in Chrome with Microsoft Intune

How to set Google as default search provider with Microsoft Intune

Using Windows Autopilot device preparation with Windows 365 Frontline shared cloud PCs

Using Visual Studio with Microsoft Endpoint Privilege Management, some notes

most popular

Application installation issues; Download pending

Restrict which users can logon into a Windows 10 device with Microsoft Intune

How to change the Windows 11 language with Intune

Update Microsoft Edge during Windows Autopilot enrollments

Azure Active Directory Domain Services

Related Posts