Azure AD Domain services and LDAPS


  • Hello everyone!

    We as a team are assigned to outsource our servers to Azure. We want to do this by using components (not VMs) to replace the current functionality.

    We already replaced the databases and have an idea on the other components, but our LDAP server leaves us with a lot of questions. 

    We've set up Azure Domain Services to use LDAPS. Currently we don't know how to connect to our Azure AD using LDAP.

    Is it necessary to have a domain controller running on a VM to use Azure through LDAP? 

    We plan to completely replace the LDAP server, but still want to use this protocol. How should we proceed?

    Our LDAP server currently runs on a CentOS Linux server.

    Friday, March 24, 2017 1:37 PM

All replies

  • Azure AD alone does not provide LDAP services; however, you can enable Azure Active Directory Domain Services, which is a PaaS AD-as-a-service offering that provides something more similar to a traditional AD domain. You can join machines to this and undertake LDAP queries; however, it does have some limitations. It's not exactly the same as on-prem AD, and you are limited in what rights you have and what you can do, see here for more details. AAD DS is mainly intended as a solution for moving applications to Azure that need a directory to work with, rather than a replacement for a full AD.

    If that doesn't work for you, then you will need to look at running AD or other LDAP directory in a VM.

    Sam Cogan Microsoft Azure MVP
    Blog | Twitter

    Friday, March 24, 2017 2:12 PM
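    An added example (not part of the original thread, and not Sam's or Microsoft's code) of what "undertake LDAP queries" against an AAD DS managed domain looks like from a Linux box such as the CentOS host in the question, using the OpenLDAP client tools. It assumes secure LDAP has already been enabled on the managed domain with a certificate whose name matches the hostname you point at it, that a DNS record for that hostname exists, and that the network security group allows TCP 636 from your client. The hostname ldaps.example.com, the domain example.com, the bind account and the CA file are constructed placeholders.

```sh
#!/bin/sh
# Added example: query an Azure AD Domain Services managed domain over
# secure LDAP (LDAPS, TCP 636) with OpenLDAP client tools. All names used
# here (ldaps.example.com, example.com, svc-ldap@example.com, ca.pem) are
# constructed placeholders, not values from the original thread.

# Derive an LDAP base DN from a DNS domain name:
#   example.com -> DC=example,DC=com
base_dn_from_domain() {
    printf 'DC=%s\n' "$(printf '%s' "$1" | sed 's/\./,DC=/g')"
}

# Build the LDAPS URI. Over the internet AAD DS only exposes secure LDAP on
# 636, so the scheme must be ldaps:// and the host must match the subject or
# SAN of the certificate uploaded when secure LDAP was enabled; otherwise
# certificate verification (which we require below) fails.
ldaps_uri() {
    printf 'ldaps://%s:636\n' "$1"
}

# Print, without running, the ldapsearch invocation so its flags can be
# inspected or checked. -x: simple bind as the user's UPN; -W: prompt for
# the password instead of putting it on the command line; -b: search base.
# The filter looks up one account and returns its name and group memberships.
ldapsearch_cmd() {
    host="$1"; domain="$2"; bind_user="$3"; sam="$4"
    printf 'ldapsearch -x -H %s -D "%s" -W -b "%s" "(sAMAccountName=%s)" cn memberOf\n' \
        "$(ldaps_uri "$host")" "$bind_user" "$(base_dn_from_domain "$domain")" "$sam"
}

# Live run only when explicitly requested, so the script stands alone offline.
if [ "${RUN_LIVE:-0}" = 1 ]; then
    LDAPS_HOST=ldaps.example.com       # assumed DNS name for the managed domain
    DOMAIN=example.com                 # assumed managed domain name
    BIND_USER='svc-ldap@example.com'   # assumed read-only service account (UPN)
    CA_FILE=ca.pem                     # assumed CA chain for the LDAPS certificate

    # Require certificate verification. TLS_REQCERT never "works" but lets a
    # man-in-the-middle capture the bind password; demand makes the client
    # refuse any certificate it cannot validate against CA_FILE.
    export LDAPTLS_REQCERT=demand
    export LDAPTLS_CACERT="$CA_FILE"

    # First confirm the TLS endpoint and certificate chain independently of LDAP;
    # -verify_return_error makes a chain failure a non-zero exit.
    openssl s_client -connect "$LDAPS_HOST:636" -servername "$LDAPS_HOST" \
        -CAfile "$CA_FILE" -verify_return_error </dev/null >/dev/null || {
        echo "certificate verification failed for $LDAPS_HOST" >&2; exit 1; }

    ldapsearch -x -H "$(ldaps_uri "$LDAPS_HOST")" -D "$BIND_USER" -W \
        -b "$(base_dn_from_domain "$DOMAIN")" "(sAMAccountName=jdoe)" cn memberOf
fi
```

    Run it as `RUN_LIVE=1 sh aadds-ldaps.sh` once the placeholders are replaced. The openssl step is there because the commonest failure when moving a Linux LDAP client to AAD DS is a certificate or DNS mismatch, which ldapsearch reports only as a generic "Can't contact LDAP server"; checking the chain first separates that from a bind or permission problem.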