active directory services in azure

  • Last Post 20 September 2016
kebabfest posted this 20 September 2016

Hi Guys,
Has anybody much experience in setting up Active Directory Services in Azure? What are the pitfalls? Does setting this up mitigate the need for Federated Services for SSO for Office365? I am going to a client site which has DirSync set up (I haven't seen it yet, but I think it was an attempt to set up SSO which failed) but no Office365. To migrate this to Office365 I was going to set up an Exchange Hybrid Solution (OnPremises is Exchange 2013 so easy enough) with a Federated Services\Proxy Solution and upgrade the DirSync to ADConnect.
Does Active Directory Services in Azure reduce the need for the DirSync\ADConnect?
Cheers
Eoin

dloder posted this 20 September 2016

Just about every aspect of hybrid cloud has a dependency upon AADConnect. Not sure exactly which service you're referring to with "Active Directory Services in Azure." If you mean ADDS hosted in an Azure PaaS instance, you'll still need sync to enable O365. And if you meant Azure Active Directory Domain Services, that also needs sync to populate the AD forest that Azure manages for you.

-- http://dloder.blogspot.com --


darren posted this 20 September 2016

Eoin-

If you are referring to Azure AD Domain Services, I did a video walkthrough of it a while back, which you can see here:

https://www.youtube.com/watch?v=F-FBTKNttUQ


 

Think of AADDS as a projection of your on-prem AD users/groups to provide “traditional” AD services like LDAP and Kerberos, to IaaS workloads running in Azure. It still required Azure AD Connect or equivalent to sync data into Azure AD. It is not technically the same domain that you’re running on-prem, but the accounts and secrets are the same. And, when I last looked at it, it was limited to one virtual network within Azure IaaS.

It’s entirely possible it’s gotten more capable, but I don’t think so.

 

Darren

 


mpolicht posted this 20 September 2016

Darren, Eoin,

The single VNet limitation of AADDS still applies. For single-region deployments, this restriction is mitigated by the support for VNet peering (more at https://azure.microsoft.com/en-us/documentation/articles/virtual-network-peering-overview/). For multi-region deployments, there are resiliency implications to consider.

 

Rgds

Marcin

 

 


kebabfest posted this 20 September 2016

Thanks for that. That explains it in a way I can understand. I think what I want is a Domain Controller in Azure, as I don't think these services will provide the functionality that I was looking for.

