Azure AD Domain Services

19 Nov 2015

Azure AD Domain Services

In a recent email I received from Microsoft, they had the great pleasure of informing me that they are currently delivering 18 new features an hour (“for every green” or continual improvement etc.) - that might be a topic for a future Blog…

Anyway, one area where Microsoft has been doing a lot of work recently is of course the cloud; making it easier to implement and more specifically, how it links with our On-Premise resources.

Currently there are three options with regards to interoperability with Microsoft cloud services:

  • Standalone Cloud Identities based around Azure AD – Here the user ends up with two separate accounts, one for the cloud and one for On-Premise.
  • Hybrid “Same-Sign-On” - Using DirSync or its replacement AD-Connect (both of which are a cut down versions of Microsoft Identity Manager).  With this option the user has two accounts but they are synced so they use the same username and password on the Cloud services as they use On-Premise.  However, each time they switch between On-Premise and Cloud they are required to authenticate.
  • Fully “Single-Sign-On” with AD federation Services – Users only authenticate once across both the Cloud and On-Premise services with the accounts being controlled via the On-Premise Active Directory.

All this may change shortly as currently in Preview now is Azure AD Domain Services

This is an entirely new concept from Microsoft. It's a cloud based service which gives you a full Windows Server Active Directory compatible set of API's and protocols, delivered as a managed Azure service. This means that with Azure AD you will now be able turn on support for services, such as Kerberos, NTLM, Group Policy and LDAP, all of which are standard for On-Premise services but which your Cloud applications and server VM's may need.               

This will give you the ability to take any on-premises application that depends on Windows Server Active Directory and run it in Azure Infrastructure Services without having to worry about running, maintaining or patching Active Directory Domain Controller VMs.

Azure AD is now a super set of Windows Server AD so you will now have a ton of new options, and also the opportunity for companies to go "cloud only" while still getting all the benefits of Azure AD and Windows Server AD.

Below is a link to a Microsoft Blog on how to get started with this Preview Azure feature.


“The only way to make sense out of change is to plunge into it, move with it, and join the dance.” ― Alan W. Watts