Greetings!!
Download this PDF file and read it thoroughly. I have tried to explain from the beginning, and you will find step-by-step guidance to set up Azure AD Domain Service.
CLICK HERE TO DOWNLOAD PDF FILE
THE JOURNEY:
Azure AD Domain Service is an offering from Microsoft to gain the advantages of domain-specific features like LDAP/Kerberos/OU/Group Policy within Azure, but without creating or managing a VM. Confused? Don't be. Let me explain this story from the beginning.
So I would like to start with ADDS. ADDS is a Windows Server operating system feature/role which gives the option to build a forest along with domains. A domain is a logical security boundary created by the domain controller where we have installed the ADDS role. Within a domain we get the option to apply Group Policy, which is the industry-leading way to authorize people, while Kerberos manages authorization. So to install ADDS we need a physical/virtual system, and we need to install the OS first and then the ADDS role. A forest is a collection of multiple domains.
Now, instead of creating the VM on top of Hyper-V, we can create this VM in Azure and forget about physical hardware management, but you still have to manage VM and application availability.
So you can install ADDS in an Azure VM and provision a domain environment in Azure. That will be AD in Azure. Apart from that we have Azure AD, which is a PaaS and helps us provide authentication and authorization to cloud apps (Office 365, Azure, etc.). But the use of Azure AD is limited and it's not a replacement for ADDS. In fact, the purpose of Azure AD is completely different from ADDS. ADDS is used to create a domain/forest to manage users and computers, whereas Azure AD is used to provide authentication to cloud apps. It works based on RBAC and OAuth, whereas ADDS works based on the LDAP and Kerberos protocols.
Now, let's focus on Azure AD Domain Service: Azure AD DS is itself a service in Azure. But unlike Azure AD, it's not limited to cloud-based applications. In the background, Azure AD DS provisions 2 VMs in an availability set, and those VMs are responsible for providing the domain and DNS. But as of now it's limited to a single-domain, single-forest environment.
Basically, the main use of Azure AD DS is lift and shift of LDAP applications to Azure.
FAQ:
Q. Are ADDS and Azure AD DS the same?
Ans. The working principle is almost the same, but traditional ADDS is more capable. Azure AD DS is limited to a few scenarios, of which migrating LDAP-based applications is the most important.
Q. Is Azure AD DS a replacement for ADDS?
Ans. As of now, NO.
Q. Can Azure AD DS and ADDS work together?
Ans. Yes, but in very limited cases. Neither depends on the other: both services can function independently, and there is no direct connection between the two. ADDS can send user details to Azure AD DS via Azure AD.
Q. Can I build a forest trust between these two environments?
Ans. No.
Q. Can I create a multi-domain, multi-forest scenario in Azure AD DS?
Ans. No, as of now.
Q. How can I manage the VMs responsible for Azure AD DS, or how will RDP work here?
Ans. First of all, we can't RDP into the VMs that are responsible for Azure AD DS. The only possible way is the Remote Server Administration Tools.
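The following PowerShell is an added example, not part of the original post or its PDF. It shows the RSAT-only management path described in the last answer and checks the limits stated above (single forest, single domain, two backing domain controllers, no trusts). It assumes an elevated session on a Windows Server VM that is already joined to the managed domain, signed in with a domain account permitted to administer it.

```powershell
# Added example (not from the original post).
# Assumption: elevated session on a Windows Server VM joined to the managed domain.

# RDP to the service's own VMs is not possible, so install the remote tools instead:
# AD PowerShell module, AD DS snap-ins, DNS console and Group Policy Management.
$features = 'RSAT-AD-PowerShell', 'RSAT-ADDS-Tools', 'RSAT-DNS-Server', 'GPMC'
$install  = Install-WindowsFeature -Name $features
if (-not $install.Success) { throw 'RSAT installation failed.' }

Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = @(Get-ADDomainController -Filter *)
$trusts = @(Get-ADTrust -Filter *)

# The post states the service is limited to one forest containing one domain.
[pscustomobject]@{
    Forest             = $forest.Name
    Domain             = $domain.DNSRoot
    DomainsInForest    = @($forest.Domains).Count
    SingleDomainForest = (@($forest.Domains).Count -eq 1)
    TrustCount         = $trusts.Count
} | Format-List

# The post states two VMs back the domain and DNS; list what the directory reports.
$dcs | Select-Object HostName, IPv4Address, IsGlobalCatalog | Format-Table -AutoSize
if ($dcs.Count -ne 2) {
    Write-Warning "Expected 2 domain controllers, found $($dcs.Count)."
}

# DNS is served by the same VMs, so the domain name should resolve to their addresses.
$resolved = (Resolve-DnsName -Name $domain.DNSRoot -Type A).IPAddress
$missing  = $dcs.IPv4Address | Where-Object { $_ -notin $resolved }
if ($missing) {
    Write-Warning "Domain controller address(es) not returned by DNS: $($missing -join ', ')"
}
```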
This document is step-by-step guidance to create Azure AD Domain Service from scratch. I have divided this document into multiple parts. In the first part I will talk about the prerequisites and how to set them up. If you are in a brownfield environment you can skip a few steps, but if you are working in a greenfield environment, follow this document from the start.
Nutshell of this entire practical: