Azure Active Directory Domain Services (Azure AD DS) is a fully managed, highly available Active Directory as a service. It supports Domain Join, NTLM, Kerberos and Group Policies.
If you are using Azure AD DS, you don’t have to deploy and manage Active Directory Domain Services (AD DS), that is, Domain Controller virtual machines (VMs), on Azure.
Azure AD DS integrates with Azure AD and allows you to use existing users and groups in Azure AD to provide access to resources. An automatic one-way sync is established from Azure AD to Azure AD DS, so all resources you have in Azure AD (which might be in sync with your on-premises AD DS) are available in Azure AD DS.
Below is a nice diagram (from the Microsoft site) that depicts this:
Azure AD DS can be used, and should be evaluated as an option, if you have applications hosted in the cloud that require domain join, LDAP, NTLM or Kerberos authentication. The options you have otherwise are to extend your on-premises AD DS to Azure using a Domain Controller, or to connect to on-premises AD DS over a VPN connection.
If you do not have on-premises AD DS and are deploying an application in the cloud that requires AD functionality, you should evaluate using Azure AD DS instead of building domain controllers on virtual machines.
The names and technology are confusing. Let’s try to summarize below:
Active Directory Domain Services (AD DS): Traditional Active Directory that is part of Windows Server and requires deployment of Domain Controllers, which can be hosted on premises or on Azure. You are responsible for management, monitoring and security of the deployment.
Azure Active Directory (Azure AD): The Azure identity solution behind Office 365 and the Azure platform. A very common deployment is to sync your on-premises AD to Azure AD. Highly available and managed by Microsoft. Doesn’t provide many of the traditional AD DS features, including LDAP and Group Policies. Used by small enterprises as an identity solution with devices joined to Azure AD to provide SSO.
Azure Active Directory Domain Services (Azure AD DS): Provides many of the traditional AD DS features, including Domain Join, Group Policies, LDAP and NTLM. Fully managed by Microsoft, it integrates with Azure AD to provide a single identity and access to resources.
We help customers adopt the right strategy when they are transitioning to the cloud and want consultation. Do reach out to us if you have questions about “AD on Cloud” or “AD on Azure”, or about whether you should deploy AD or use Azure AD and go cloud only. We will be happy to share our knowledge and experiences.