locked
Azure Active Directory RRS feed

  • Question

  • Good afternoon


    We are in the process of implementing AAD in the company, we have an ipsec connection to blue working correctly, and we have some servers implemented in blue, and we do not have any servers in the facilities. We plan to perform the installation in blue of a virtual machine with Windows Server 2019 with the role of Active Directory and DNS, and then join the domain the computers in the facilities of this server, then on that server install an AD Connet to synchronize users with ADF and Office 365.


    My concerns would be:

    1. Is it necessary to purchase CAL for the VM with the role of Active Directory?

    2. If we use Azure ADDS services, may we need CAL per user / machine attached to the domain?

    3. If we join the workstations on-premise directly to an Azure Active Directory, is it seriously possible to manage GPO by also installing Azure ADDS?

    4. What are the types of licensing you need to buy for each of the users.


    Record that we don't have any onpremise infrastructure, and that is not an option.


    regards
    Friday, February 21, 2020 6:22 PM

All replies

  • Hi Johny,

    1. Is it necessary to purchase CAL for the VM with the role of Active Directory?

    Windows Server OS licensing cost is included in the running rate of Azure VMs based on Azure Marketplace Windows Server images

    2. If we use Azure ADDS services, may we need CAL per user / machine attached to the domain?

    Pls refer to https://social.technet.microsoft.com/Forums/ie/en-US/611193b5-c10e-4be6-b3c1-ffa7057fb2dd/ad-usercomputer-licensecal?forum=winserverDS

    3. If we join the equipment directly to an active blue directory, is it seriously possible to manage GPO by also installing Azure ADDS?

    You cannot join Windows Server computers to Azure AD (at least not in production - this feature is still in preview). If you want to use GPOs, then the servers must be joined to either AD or Azure ADDS.

    4. What are the types of licensing you need to buy for each of the users.

    Pls refer to

    https://social.technet.microsoft.com/Forums/ie/en-US/611193b5-c10e-4be6-b3c1-ffa7057fb2dd/ad-usercomputer-licensecal?forum=winserverDS

    hth
    Marcin



    Friday, February 21, 2020 6:31 PM
  • Thanks for the answers Marcin.

    With reference to point one and two, it is not clear to me if I really need CAL when I install a VM in Azure with the role of AD or use Azure ADDS and then join on-premise workstations to that domain.

    With reference to point three, I make it clear that these are on-premise workstations.

    With reference to point 4, I refer to the type of licensing that I would need in azure directly.
    Friday, February 21, 2020 7:38 PM
  • Hi Johny

    licensing for VMs deployed by using Azure Marketpace Windows OS is covered by the running rate of those VMs. 

    You cannot join on-premises computers to an Azure AD DS domain.

    For licensing in all other scenarios, you should refer directly to a Microsoft licensing specialist. This is the only way to ensure that you won't be violating licensing requirements

    hth
    Marcin

    Friday, February 21, 2020 8:50 PM
  • Hi Johny Salazar,

    We're migrating from MSDN to Microsoft Q&A as our new forums and Azure Active Directory has already made the move! 

    In the future, you can ask and look for Azure Active Directory related questions here: 
    https://docs.microsoft.com/answers/topics/azure-active-directory.html 
    Note: Since this thread did not land in the right forum it would be moved to the appropriate forum.
    We are actively working to onboard the remaining Azure services to Microsoft Q&A. We will make a public announcement once this is complete.
    Want to Learn more about the new platform?  Check out Microsoft Q&A Getting Started.
    Monday, March 2, 2020 6:15 PM