Hosted Domain Controllers in Azure – No VM Required!

By Aaron Saposnik| December 04, 2015

In August we discussed the ability for Windows 10 workstations to join to Microsoft Azure Active Directory without an Active Directory domain controller, but with all other devices still requiring a Windows Server to support a domain. This is all about to change with Azure Active Directory (AD) Domain Services, a new service currently in Preview mode. Azure AD Domain Services will provide a fully hosted domain within Azure, allowing many of the same benefits of your on-premises domain without the management headache.

What does Azure Active Directory (AD) Domain Services offer?

Azure AD Domain Services is designed to integrate with your existing Azure Active Directory to provide a single authentication and management source for all of your Azure needs. Some of the key features offered by Azure AD Domain Services are:

  • Full domain join – Any IaaS servers in Azure can be joined to AD Domain Services without a domain controller. Simply point your server to the IPs of the Domain Services and join the domain like usual, Azure will take care of the rest.
  • Group Policies and more – All of the features you expect from an on-premises domain controller will be available from AD Domain Services in the cloud. In particular, administrators can continue to use and deploy Group Policies to manage devices joined to AD Domain Services and allow for an easy transition to the cloud.
  • Multiple Authentication Types (LDAP, Kerberos, NTLM, etc.) – Many applications rely on LDAP or a similar protocol to authenticate against the domain and allow for unified authentication.  AD Domain Services support these protocols so legacy applications that require them can be easily migrated and still authenticate and function properly.

How to Integrate Azure AD Domain Services with your existing setup

Most organizations already have an on-premises domain. Azure AD Domain Services is designed to make the integration between on-premise and the cloud simple. The Azure AD Connect tool is used by many organizations to connect Office 365 to the on-premises domain, and if you already have this configured you are already setup to use AD Domain Services. Microsoft will take that same directory that is being synchronized by Azure AD Connect and extend it via AD Domain Services, allowing for the same logins and security across all systems. The best part is that Azure AD Connect does not require a tunnel so you can extend your domain into Azure without any firewall changes.

If you already have a domain not to worry – Azure AD Domain Services will integrate with your existing setup

Azure AD Domain Services is still in Preview so some of these features might change before the final release. Contact us if you would like to learn more or need assistance integrating Azure AD Domain Services within your environment.

Leveraging opportunities in the cloud