ADD Domain Service

    Question

  • Hi,
    I have a question about active directory. Im a student and im doing research about AAD. The question is- now is 2017 and just saw on azure.microsoft.com that AAD has now Domain Services, LDAP, AD domain join, NTLM, and Kerberos auth. And there is a lots of publications(2014,15,16) that you cant replace it traditional AD(server on-prem)  with cloud solution based on Azure AD. If it possible to do so, then its changing everything. Then i would like to compare or contrast. Im just would like to understand why is the benefits of moving to ADD except SSO with is a biggest pros of ADD. So, can be possible to replace AD with Azure AD?

    Thank you for your help!
    With regards,
    Aleksei harlasov

    Sunday, March 12, 2017 11:19 AM

All replies

  • Hello Aleksei,

    So first, NO, AAD DS is not a replacement for traditional AD; besides the fact that it is not designed for that, there are, and I assume will be, some limitations in that "simulated" AD based on Azure AD.

    For example, workstation domain join is not supported on AAD DS, and GPO and schema things are limited.

    It is currently designed only for bringing on-prem apps to the cloud which cannot be, or will not in the near future be, migrated/ported to support AAD directly.

    So you can bring the VM with the application to an IaaS VM and join the server to AAD DS so that you can use the AAD users and groups to assign permissions and log in to the application.

    Azure AD has a different design, so think of why you use an on-prem AD: mostly for users/groups and GPOs to control servers and clients, and also as an attribute store for other apps.

    Using SaaS apps you don't need servers any more, while clients can join AAD directly to access apps; those clients can be managed with Intune, so no GPO is needed any more, and apps can also store data in AAD. This leads to the fact that in some scenarios you don't need the traditional AD any more if you can rely only on SaaS apps.

    For custom/own apps you may also not need "real" servers any more when using PaaS components, for example.

    The above is just a "theoretical" scenario, but it may already fit some organizations today, and we can assume more to come in Azure AD and around it in the future. But I guess most organizations will at least have a traditional AD for a long time.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Sunday, March 12, 2017 12:20 PM
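The IaaS scenario Peter describes (join the application server to the AAD DS managed domain, then grant AAD users and groups access) can be done with standard Windows cmdlets. The script below is an added example written for this page, not code from Peter or from Microsoft's documentation. The managed domain name, the join account, the group name and the application folder are assumptions for illustration; the DNS check is there because a VM that cannot resolve the managed domain will fail the join with a misleading error.

```powershell
# Added example (not from the original thread): join an Azure IaaS Windows Server VM
# to an Azure AD Domain Services managed domain, verify the Kerberos trust, and grant
# an AAD DS group access to a legacy application folder. Run elevated on the VM.
# All names below are assumptions; replace them with your own values.

$ManagedDomain = 'aaddscontoso.com'                  # assumed managed domain
$JoinUser      = "dcadmin@$ManagedDomain"            # assumed join account from the managed domain
$AppGroup      = 'AADDSCONTOSO\AppUsers'             # assumed AAD DS security group (synced from AAD)
$AppPath       = 'C:\inetpub\LegacyApp'              # assumed application folder on the VM

function Test-ManagedDomainDns {
    param([string]$Domain)
    # The VM's vNet (or NIC) DNS must point at the managed domain's DNS servers,
    # otherwise Add-Computer cannot locate a domain controller.
    $null -ne (Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue)
}

function Join-ManagedDomain {
    param([string]$Domain, [string]$User)
    if (-not (Test-ManagedDomainDns -Domain $Domain)) {
        throw "Cannot resolve $Domain. Set the vNet DNS servers to the managed domain's IP addresses first."
    }
    # Prompt for the password instead of hard-coding it in the script.
    $cred = Get-Credential -UserName $User -Message 'Password for the domain-join account'
    Add-Computer -DomainName $Domain -Credential $cred
    Write-Host "Joined $Domain. Reboot before running Test-ManagedDomainJoin / Grant-AppAccess."
}

function Test-ManagedDomainJoin {
    param([string]$Domain)
    # Run after the reboot: confirm the machine reports the managed domain, the secure
    # channel to a DC is healthy, and a Kerberos TGT for the domain has been issued.
    $joined  = (Get-CimInstance Win32_ComputerSystem).Domain -ieq $Domain
    $channel = Test-ComputerSecureChannel
    $tickets = (klist 2>&1 | Out-String)
    $hasTgt  = $tickets -match "krbtgt/$([regex]::Escape($Domain))"
    [pscustomobject]@{ Joined = $joined; SecureChannel = $channel; KerberosTgt = $hasTgt }
}

function Grant-AppAccess {
    param([string]$Path, [string]$Identity)
    # Grant the AAD DS group read/execute on the application folder, inherited by
    # subfolders and files. Least privilege: no Modify/FullControl for end users.
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    # Return the resulting entry so the change can be checked.
    (Get-Acl -Path $Path).Access | Where-Object { $_.IdentityReference -eq $Identity }
}

# Usage (two phases because the domain join requires a reboot):
#   Join-ManagedDomain -Domain $ManagedDomain -User $JoinUser
#   Restart-Computer
#   Test-ManagedDomainJoin -Domain $ManagedDomain
#   Grant-AppAccess -Path $AppPath -Identity $AppGroup
```

Two practical notes. Test-ManagedDomainJoin is the check worth keeping: a VM can appear "joined" yet have no Kerberos ticket when DNS later drifts back to Azure's default resolvers, and the application will then silently fall back to NTLM or fail. And the ACL step is where the limits Peter mentions show up: you are assigning permissions to groups that exist in Azure AD, but you cannot rely on GPO or schema extensions to push that configuration the way you would in an on-prem domain.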