Azure Active Directory Domain Services (Azure AD DS)
Intro
Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.
Documentation
Tips and Tidbits
An Azure AD DS managed domain lets you run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises AD DS environment.
You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.
Azure AD DS integrates with your existing Azure AD tenant.
This integration lets users sign in to services and applications connected to the managed domain using their existing credentials.
You can also use existing groups and user accounts to secure access to resources.
If your application is hosted partly on-premises and partly in Azure, it may be more efficient to replicate Active Directory Domain Services (AD DS) in Azure.
This can reduce the latency caused by sending authentication requests from the cloud back to AD DS running on-premises.
This architecture also supports bidirectional replication, meaning changes can be made either on-premises or in the cloud, and both copies of the directory are kept consistent. Because the Azure-hosted replica holds the same directory as the on-premises one, it needs the same level of protection.
Typical uses for this architecture include hybrid applications in which functionality is distributed between on-premises and Azure, and applications and services that perform authentication using Active Directory.