
Ours-2370 asked:

Azure AD or Azure AD DS to replace an on-premises DC

In order to remove the domain controllers at the different sites (computer authentication, GPOs, sharing on file servers), I need answers to my various questions, but also "testimonials" from people who have implemented these technologies in their company.

If I understood correctly, Azure AD is only for Microsoft accounts. So what about computers? They are visible in Azure AD, but can we apply GPOs to them?

Other questions: how will a user log in to his computer? With a local session?
Using an all-Azure AD setup, do you need to:
- replace the file server with SharePoint?
- use Outlook?
- in fact, use a full cloud environment?
- no need for a VPN?

But using Azure AD DS:
You can keep your on-premises environment (file server, TSE, LDAP authentication...) while removing the on-premises domain controller. Nevertheless, do you need a constant VPN between the local network and Azure?

The goal here is that you correct me if I made mistakes, and also complete what I said.

Thanks in advance

Ours

Tags: azure-active-directory, windows-active-directory

Ours-2370 answered:

I have already read this article, but I must admit that it confuses me. I would have liked more "personal" answers, because I've been reading articles for a while.
And as we can't try the technology to see it in practice, it's even more complicated.


Sam-Cogan answered:

Azure AD is not a like-for-like replacement for on-premises AD. Azure AD is a modern authentication provider that is focused on user and application authentication using modern protocols such as OAuth, OIDC and SAML rather than LDAP. It does not have a concept of a computer object, group policies or similar. The naming of Azure AD is unfortunate, as it can be confusing. You can read more about this here.

So, in terms of replacing your on-premises AD, you really have three options.

  1. Use a combination of Azure AD and other services to replicate what you can currently do. AAD can do user authentication and machine logon. You can look at using Intune for GPO-like policies, Azure DNS for DNS, Azure Files for file shares, Exchange Online for email, and so on.

  2. Look at using Azure AD Domain Services to create domain controllers as a service, which do support legacy AD functionality, but be aware that this has quite a few limitations. You will also need constant private connectivity to Azure for this, such as VPN or ExpressRoute.

  3. Deploy domain controllers in Azure using virtual machines. You then need to manage these VMs.

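Before choosing between the three options above, it helps to know what your current devices actually are: an on-premises domain-joined machine authenticates against a DC and receives Group Policy, an Azure AD joined machine authenticates against Azure AD and gets policy from Intune/MDM, and a hybrid-joined machine does both. The script below is an added example (not code from this thread or from Microsoft) that classifies a Windows device from the text output of `dsregcmd /status`. The field names it parses (AzureAdJoined, DomainJoined, WorkplaceJoined, DomainName, TenantName) are the ones dsregcmd prints; the sample output embedded at the end is constructed, and the per-state notes summarise the points made in the answer.

```powershell
# Added example, not from the original page: classify a Windows device's join
# state from `dsregcmd /status` output, so you know whether machine logon goes
# to an on-premises DC, to Azure AD, or both, and whether domain GPO can apply.
# Field names parsed here are those printed by dsregcmd; the sample below is
# constructed, not captured from a real machine.

function Get-DeviceJoinState {
    [CmdletBinding()]
    param(
        # One line per element, e.g. (dsregcmd /status)
        [Parameter(Mandatory)][string[]]$StatusLines
    )

    # Collect "Name : VALUE" rows; the first occurrence of a name wins.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(\S.*)$') {
            $name = $Matches[1]
            if (-not $fields.ContainsKey($name)) { $fields[$name] = $Matches[2].Trim() }
        }
    }

    $aadJoined    = $fields['AzureAdJoined']   -eq 'YES'
    $domainJoined = $fields['DomainJoined']    -eq 'YES'
    $registered   = $fields['WorkplaceJoined'] -eq 'YES'

    if     ($aadJoined -and $domainJoined) { $state = 'HybridAzureAdJoined' }
    elseif ($aadJoined)                    { $state = 'AzureAdJoined' }
    elseif ($domainJoined)                 { $state = 'DomainJoined' }
    elseif ($registered)                   { $state = 'AzureAdRegistered' }
    else                                   { $state = 'NotJoined' }

    # What each state means for the logon / GPO questions raised in the thread.
    $notes = @{
        HybridAzureAdJoined = 'Logon is against the on-premises domain and the device is also registered in Azure AD. Domain GPO applies; Intune can be layered on top.'
        AzureAdJoined       = 'Logon uses the Azure AD account (UPN); no on-premises DC is needed for logon and domain GPO does not apply. Policy comes from Intune/MDM.'
        DomainJoined        = 'Classic AD: logon needs a reachable DC (or cached credentials); domain GPO applies.'
        AzureAdRegistered   = 'Local or other account with a work account added; no machine-level domain GPO.'
        NotJoined           = 'Workgroup machine; local accounts only.'
    }

    [pscustomobject]@{
        State       = $state
        DomainName  = $fields['DomainName']
        TenantName  = $fields['TenantName']
        Implication = $notes[$state]
    }
}

# Constructed sample of the "Device State" section of dsregcmd /status
# (a hybrid-joined device: domain-joined and Azure AD joined at the same time).
$sample = @(
    '+----------------------------------------------------------------------+',
    '| Device State                                                         |',
    '+----------------------------------------------------------------------+',
    '',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                DomainName : CORP',
    ''
)
Get-DeviceJoinState -StatusLines $sample | Format-List

# On a real machine, feed it the live output instead:
#   Get-DeviceJoinState -StatusLines (dsregcmd /status) | Format-List
```

Run it on a few representative machines at each site before deciding: a fleet that reports `DomainJoined` everywhere is exactly the case where option 1 means re-joining every device to Azure AD and rebuilding GPO as Intune policy, whereas options 2 and 3 keep those devices domain-joined and only move where the DCs live.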

Ours-2370 commented:

Thank you for taking the time to explain.

I understood everything you wrote; however, the last sentence caught my attention: " "
Because it seems to me that if I put domain controllers in Azure, it is to take the Azure AD DS offer, no?

If not, what is the difference between your sentence and Azure AD DS?

Does Azure AD DS replace on-premises AD (without adding too many features)?

Between Azure AD and Azure AD DS, in order to replace on-premises AD:
Which is more "flexible"?
Which is cheaper?
Which is easier (no need to install 4000 things)?

Thanks in advance

Have a nice day