Understanding Azure AD Domain Services
Cloud adoption is on the rise. According to a 2018 RightScale study, 81 percent of enterprises have a multi-cloud strategy. A major challenge in the shift to cloud-based solutions is migrating an on-premises application that you have customized and used for years. The solution to that challenge is Azure Active Directory (AD) Domain Services.
Before Azure AD DS, administrators had a few options. You could use a site-to-site VPN connection between the workloads in your on-premises network and Azure. However, these connections are vulnerable to glitches and outages. You could also deploy a virtual machine as a domain controller in Azure, but you would then have to manage, secure, back up and troubleshoot those virtual machines yourself. Both of these options carry substantial maintenance costs and administrative overhead.
Bring in Azure Active Directory Domain Services
Azure AD Domain Services provides managed domain services (such as domain join, Group Policy, LDAP, and Kerberos/NTLM authentication) without the need to deploy and manage domain controllers in the cloud. It also syncs your existing identities by extending your on-premises Active Directory into the cloud, allowing users to sign in with the same usernames, passwords, group memberships and permissions as in the existing infrastructure.
Benefits of Azure AD DS
Azure AD Domain Services offer the following benefits:
- Simplicity – Without the need for a domain controller, deployment of Azure AD DS takes only a few minutes and a few quick clicks.
- Compatibility – Azure AD Domain Services is fully compatible with Windows Server Active Directory, LDAP, Kerberos, NTLM, Group Policy and domain join, meaning you can deploy your applications in the cloud confidently.
- Cost effectiveness – With Azure AD Domain Services, you can avoid the cost burden of implementing and managing virtual machines and VPN connections. Moving your applications to Azure using AD DS will allow greater operational savings.
- Integration – User accounts, group memberships and user credentials from your Azure AD directory sync with Azure AD Domain Services.
Deploying Azure AD DS
The benefits of using Azure AD DS are extensive. Here are the four most common deployment scenarios for Azure AD Domain Services.
1. Quick and easy administration of Azure virtual machines
You can join multiple Azure virtual machines to the managed domain, eliminating the need to manage individual local admin accounts. The virtual machines can then be managed and secured using Group Policy, allowing you to apply the required security baselines.
2. Lift-and-shift an on-premises application that uses LDAP bind authentication
If you have an on-premises application that does not use Windows Integrated Authentication but does support LDAP, you can set up a managed domain and grant access to resources based on the LDAP directory.
3. Lift-and-shift an on-premises application that uses LDAP read to access the directory
If you have an on-premises application that uses LDAP to read information about users from Active Directory and cannot be rewritten to use modern APIs, you can migrate the application to the cloud without modifying or rewriting the existing application code.
4. Migrate an on-premises service or daemon application to Azure Infrastructure Services
If you have an application that only supports Windows Integrated Authentication, you can migrate and deploy the app on domain-joined virtual machines in Azure. The app can then use the same service account from your on-premises directory, synced to Azure AD.
Looking to see how you can use Azure Active Directory Domain Services in your cloud migration? Contact our team of experts and explore your cloud migration options.