Show
← Managed MS Azure About Azure Active Directory Domain ServicesAzure® Active Directory® (AD) Domain Services provide managed domain services such as domain join, group policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NT LAN Manager (NTLM) authentication that are fully compatible with Windows Server® Active Directory.Azure AD Domain Services allow these domain services to be consumed without the need to build, manage, and patch domain controllers as Azure Infrastructure as a Service (IaaS) virtual machines (VMs). Azure AD Domain Services integrate with existing Azure AD tenants, allowing users to log in using their corporate credentials. User accounts, group memberships and credentials from the customer's on-premises directory can be synchronized to Azure AD via Azure AD Connect, and are automatically available in the managed domain, eliminating the need to manage AD replication. Existing groups and user accounts can be used to secure access to resources, ensuring a smoother "lift-and-shift" of on-premises resources to Azure Infrastructure Services. Azure AD provides a stand-alone managed domain in Azure. VMs can be joined to the stand-alone managed domain, and group policies can be created for it. Requirements and Notes
Limitations
When to Use Azure Active DirectoryUnder certain circumstances, Azure AD is a low-cost and low-maintenance alternative to an IaaS-based domain controller for Active Directory services.Providing Active Directory services using Azure AD rather than IaaS is advantageous in the following cases:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-scenarios Refer to the following document to determine whether using Azure AD is appropriate for a particular use case: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-comparison Comparison of Azure AD Domain Services vs. IaaS VMsFeatureAzure AD Domain ServicesIaaS VMs for ADManaged service✓✕Secure deployments✓Administrator must secure the deploymentDNS server✓ (managed service)✓Domain or Enterprise administrator privileges✕✓Domain join✓✓Domain authentication using NTLM and Kerberos✓✓Kerberos constrained delegationresource-basedresource-based and account-basedCustom OU structure✓✓Schema extensions✕✓AD domain/forest trusts✕✓LDAP read✓✓Secure LDAP (LDAPS)✓✓LDAP write✕✓Group Policy✓✓Geo-distributed deployments✕✓ What is Active Directory domain Services Enterprise Administrator credentials?AD DS Enterprise Admin credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed.
What is Active Directory domain Services and how has it helped you as an administrator?Active Directory Domain Services (AD DS) are the core functions in Active Directory that manage users and computers and allow sysadmins to organize the data into logical hierarchies. AD DS provides for security certificates, Single Sign-On (SSO), LDAP, and rights management.
What are the 3 main components of an Active Directory?The Active Directory structure is comprised of three main components: domains, trees, and forests. Several objects, like users or devices that use the same AD database, can be grouped into a single domain.
What is the Active Directory domain Services AD role?Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database.
|
