Azure Active Directory® Domain Services

By Rajat Bhargava Posted March 21, 2017

There have been a lot of questions about what you can actually do with Microsoft Azure Active Directory Domain Services. Can it replace your on-prem domain controller? Do you still need Active Directory? Can you join your on-prem devices to the cloud domain? What is a cloud domain, and does that concept even make sense? The list of questions goes on.

Some Clarity on Azure Active Directory Domain Services

There’s a lack of understanding of what Azure AD Domain Services can do, so we wanted to provide some clarity. Azure AD Domain Services is a managed domain for your Azure virtual machines and systems: Microsoft runs the domain controllers inside an Azure virtual network, you administer the domain through a delegated administrators group rather than with Domain Admin or Enterprise Admin rights, and users and groups are synchronized one way from Azure AD into it. It is not meant to replace your on-prem domain controller, it does not replicate with your on-prem domain controllers, and it is not designed to join on-prem systems to a cloud domain.

In fact, Microsoft’s viewpoint on what Azure Active Directory is relative to Active Directory, and how that relates to the domain controller, is highlighted in this post on Spiceworks:

“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities as AD. It actually provides many more capabilities in a different way.
“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory, but not migrate your computer accounts, group policies, OUs, etc.
“As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, leaked credentials reports, and user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.
“Even the recently announced Azure Active Directory Domain Services is not a usual DC-as-a-service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services, but with no replication to any other on-premises or cloud (in a VM) domain controller.
“If you want to migrate your domain controllers to the cloud to use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.
“So to conclude, if you would like to extend the reach of your identities to the cloud, you can start by synchronizing your Active Directory to Azure AD.”

The Domain in the Cloud Era

What’s interesting is the concept of the domain itself in the cloud era. When many of your IT resources and services are spread across the world, does it even make sense to have a domain controller? A homogeneous Microsoft Windows network located on-prem is no longer the norm in IT landscapes. Modern organizations pick the best solution for each need, so Mac and Linux devices, AWS cloud servers, the G Suite productivity suite, and others may all be operating at once. Active Directory struggles to manage users and access to those non-Windows resources.

As a result, we are seeing modern organizations moving to next-generation IDaaS (Identity-as-a-Service) platforms. This approach eliminates the need for a domain controller, whether on-prem or in the cloud. Even better, it centralizes user management across all of your IT resources, including systems, applications, and networks, independent of platform, provider, protocol, and location.

JumpCloud® Renders the Domain Controller Obsolete

Directory-as-a-Service® is the leading alternative to Active Directory and Azure AD. With core functions of system management of Mac, Windows, and Linux machines, cloud LDAP and RADIUS services, MFA, True Single Sign-On™, WiFi authentication, and more, Directory-as-a-Service also eliminates the need for a domain controller.

If you would like to learn more about Azure Active Directory Domain Services, drop us a note. Also, give our cloud-hosted directory services solution a try. Since your first 10 users are forever free, sign up for a free account today.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
