By Greg Keller Posted February 7, 2017
Microsoft has been promoting a cloud domain controller called Azure Active Directory Domain Services. The concept is interesting, but there are a lot of questions around what a cloud domain controller actually means.
- Is it a replacement for your on-prem domain controller?
- Can your on-prem systems and applications to the cloud domain be joined?
- What exactly is a cloud domain?
These are all great questions. Unfortunately, the approach that Microsoft has taken with Azure AD Domain Services is to create a domain controller for Azure, not for your on-prem or other related IT resources. Their cloud domain controller isn’t a replacement for an on-prem domain controller.
A Closer Look at Azure AD Domain Services
Here is some more information from a Microsoft-related forum on Spiceworks:
“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.
“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.
“As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.
“Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.
“If you want to migrate your domain controllers in the cloud to use them for traditional task you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.
“So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.”
As you can see, Azure AD Domain Services is just a domain controller for your Azure systems. The broader issue is whether you even need a domain controller anymore.
The Necessity of the Domain Controller
With more IT resources being hosted in the cloud and leveraging non-Windows operating systems, the concept of the domain doesn’t really make sense. WiFi networks have also changed the way that IT admins view their network. Many are thinking of it as more of a café-style approach where any user can get on the network and then securely connect to their applications and systems.
JumpCloud® Renders the Cloud Domain Controller Obsolete
This different approach to identity management is an opportunity to find the right cloud-hosted identity management platform. A new generation of IDaaS solution called Directory-as-a-Service® is emerging as the alternative to Active Directory and Azure AD. In fact, with Directory-as-a-Service, there is no need for a cloud domain controller, or for that matter, an on-prem one.
As a centralized identity provider, Directory-as-a-Service is the virtual directory service connecting user identities to Mac, Windows, and Linux systems, cloud and on-prem applications, and WiFi networks and infrastructure. Those IT resources can be located anywhere in the world and leverage a wide variety of protocols. In fact, AWS, G Suite, Office 365, Google Cloud, and other cloud platforms can be easily and seamlessly integrated.
Drop us a note if you would like to learn more about cloud domain controllers and alternatives to Azure AD Domain Services. Also, sign up for a free Directory-as-a-Service account to check it out. Your first 10 users are free forever.