fbpx Skip to content

Understanding Azure AD Domain Services

 In this lesson we are going to take a look at what exactly Azure Active Directory Domain Services  is and what it offers.


In this lecture, you are introduced to Azure Active Directory Domain Services (Azure ADDS). The discussion revolves around Azure ADDS being a managed, cloud-hosted version of traditional on-premises Active Directory, offering services such as domain join, group policy, LDAP, Kerberos, and NTLM authentication without the need for deploying or managing domain controllers.

You are informed that Azure ADDS includes a DNS namespace and a directory which work in conjunction with your existing Azure AD tenant. It supports both cloud-only Azure AD tenants and those synchronized with an on-premises Active Directory environment, facilitating the synchronization of user accounts.

Further explained is the deployment process of Azure ADDS, where Azure sets up two managed domain controllers on a specified virtual network, handling all their management in the background. This managed domain only allows one-way synchronization from Azure AD to the managed domain, highlighting the need to create resources in Azure AD for synchronization.

The lecture clarifies the creation and synchronization of user accounts, whether you are a cloud-only organization or using a hybrid configuration with an on-premises Active Directory. However, it is noted that external directory accounts linked to Azure AD won’t be available in Azure ADDS due to the unavailability of their credentials for synchronization.

A significant advantage of Azure ADDS is its support for Kerberos and NTLM authentication, simplifying the migration of on-premises applications that depend on Windows integrated authentication to the cloud. Additionally, the high availability provided by the inclusion of multiple domain controllers ensures that the managed domain remains available.

It’s emphasized that Azure ADDS managed domain is a standalone domain and not an extension of an on-premises AD domain, although one-way outbound forest trusts can be created if necessary.

The lecture concludes by setting the stage for the next session, which will compare key identity solutions for applications in Microsoft Azure.

© 2023 Thomas J Mitchell / TomTeachesIT