Azure Active Directory as Domain Controller for Azure Virtual Machines


Solution 1

NO! Windows Azure Active Directory is NOT a Domain Controller. You can NOT join computers to Windows Azure AD. You can use it to sync on-premises AD with Windows Azure AD to easily enable Web SSO (Single Sign-On). You can use it to build enterprise-grade web applications.

You can read more about Windows Azure Active Directory here.

Solution 2

Up until recently the answer was a flat no, but that has changed with Windows 10.

Windows 10 devices can join Azure Active Directory (AD) domains. But it is more about identity management than traditional Active Directory (AD) services. But you can use a combination of Azure AD and MDM (Mobile Device Management) to provide some of the services that used to be reserved for AD.

One thing to keep in mind is that Azure Active Directory (AD) is completely different from the similarly named Active Directory provided by a Windows Domain Controller. Azure AD is not a Domain Controller, but as of Windows 10, Azure AD, MDM and Intune can do some of the things that previously could only be provided by AD. With Windows 10, Microsoft has greatly extended MDM and has made it possible to manage regular Windows 10 desktops and laptops with MDM.

The Active Directory Team Blog has more information. The post Azure Active Directory and Windows 10: Bringing the cloud to enterprise desktops! lists some of the benefits that it brings, including:

  • Self-provisioning of corporate owned devices.
  • Use existing organizational accounts.
  • Automatic MDM enrollment.
  • Single Sign-On to company resources in the cloud.
  • Single Sign-on on-premises
  • Enterprise-ready Windows store.
  • Support for modern form factors. Azure AD Join will work on devices that don't have the traditional domain join capabilities.
  • OS State Roaming.

This doesn't cover the traditional features provided by AD. Per the post Azure AD Join on Windows 10 devices, Azure AD is targeted at the following three scenarios: your apps and resources are largely in the cloud, seasonal workers and students, and choose your own device for on-premises users. As you can see, Azure AD is targeted more towards enabling BYOD (Bring Your Own Device). Azure AD enables management of devices, like tablets or non-Pro versions of Windows, that don't have the capability to join a Domain.

From the same post:

Domain join gets you the best on-premises experiences on devices capable of domain joining, while Azure AD join is optimized for users that primarily access cloud resources. Azure AD Join is also great if you want to manage devices from the cloud with a MDM instead of with Group Policy and SCCM.


Azure now offers a traditional Active Directory service called Azure Active Directory Domain Services. This offers domain join, NTLM and Kerberos authentication. You can even manage machines using Group Policy.
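The distinction this answer draws (Azure AD Join is not domain join) is visible on the device itself. The following is an added example, not code from the answer or from Microsoft: a PowerShell function that parses the output of `dsregcmd /status` (shipped with Windows 10 and later) and cross-checks it against WMI to report whether a machine is Azure AD joined, domain joined (on-premises AD DS or Azure AD DS), hybrid joined, or in a workgroup. The function name and the output object layout are my own choices.

```powershell
# Added example: classify how this Windows 10+ machine is joined.
# Assumes dsregcmd.exe is available (Windows 10 / Server 2016 and later).

function Get-JoinState {
    # dsregcmd /status prints "Key : Value" lines grouped in sections; collect them.
    $raw = & dsregcmd.exe /status 2>$null
    $fields = @{}
    foreach ($line in $raw) {
        if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # "AzureAdJoined" reflects the Azure AD device registration described in the
    # answer; "DomainJoined" reflects membership in a classic AD DS / Azure AD DS domain.
    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    # Independent view of classic domain membership from WMI.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    if     ($aad -and $domain) { $joinType = 'Hybrid Azure AD joined (AD domain + Azure AD)' }
    elseif ($aad)              { $joinType = 'Azure AD joined only (no AD DS / Azure AD DS domain)' }
    elseif ($domain)           { $joinType = 'Domain joined (AD DS or Azure AD DS)' }
    else                       { $joinType = 'Workgroup' }

    [pscustomobject]@{
        AzureAdJoined = $aad
        DomainJoined  = $domain
        DomainName    = if ($domain) { $fields['DomainName'] } else { $null }
        PartOfDomain  = $cs.PartOfDomain   # should agree with DomainJoined
        Workgroup     = if (-not $cs.PartOfDomain) { $cs.Domain } else { $null }
        JoinType      = $joinType
    }
}

# Usage: run in an elevated or normal PowerShell session on the device.
Get-JoinState | Format-List
```

If `AzureAdJoined` is YES but `DomainJoined` is NO, the machine has no Kerberos realm, no computer account in any directory, and no Group Policy; that is exactly the case the answer warns about, and the device must be managed through MDM (Intune) instead.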

Solution 3

This is possible using Azure Active Directory Domain Services (notice the difference from regular Azure Active Directory, which does not have domain support).

https://azure.microsoft.com/en-us/services/active-directory-ds/
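Joining an Azure VM to an Azure AD DS managed domain is an ordinary `Add-Computer` domain join, but in practice the join fails for two reasons worth checking first: the VM's virtual network is not using the managed domain's DNS servers, or a network security group blocks the DC ports. The following is an added example, not code from the answer or from Microsoft; the managed domain name `aaddscontoso.com`, the function name and the account prompt are placeholders I chose.

```powershell
# Added example: pre-flight checks, then join this Azure VM to an Azure AD DS
# managed domain. Run in an elevated PowerShell session on the VM.
# Assumption: the VNet's DNS settings point at the managed domain's DC addresses.

$ManagedDomain = 'aaddscontoso.com'   # placeholder managed domain name

function Test-ManagedDomainReachable {
    param([Parameter(Mandatory)][string]$Domain)

    # 1. The DC locator SRV record must resolve. If this fails, the VM is still
    #    using Azure-provided DNS rather than the managed domain's DNS servers.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
    $dcs = $srv | Where-Object { $_.Type -eq 'SRV' } |
           Select-Object -ExpandProperty NameTarget -Unique
    if (-not $dcs) { throw "No domain controller SRV records found for $Domain" }

    # 2. Kerberos (88), LDAP (389) and SMB (445) must be reachable on each DC;
    #    an NSG rule blocking these is the other common cause of a failed join.
    foreach ($dc in $dcs) {
        foreach ($port in 88, 389, 445) {
            $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            if (-not $r.TcpTestSucceeded) { throw "$dc is not reachable on TCP port $port" }
        }
    }
    return $dcs
}

$dcs = Test-ManagedDomainReachable -Domain $ManagedDomain
Write-Host "Managed domain DCs reachable: $($dcs -join ', ')"

# 3. Join with an account that has join rights in the managed domain, for example a
#    member of the 'AAD DC Administrators' group; supply it in UPN form.
$cred = Get-Credential -Message "Account in $ManagedDomain with join rights (user@$ManagedDomain)"
Add-Computer -DomainName $ManagedDomain -Credential $cred -Restart -Force
```

After the reboot, `nltest /dsgetdc:aaddscontoso.com` should return one of the managed domain's DCs, `klist` should show Kerberos tickets issued by that realm after a domain logon, and `gpresult /r` lists the Group Policy objects applied from the managed domain. Note that Azure AD DS only has hashes for users synchronized from Azure AD; an account created in Azure AD after the managed domain was enabled, or one whose password has not been changed since, may not be able to authenticate to it yet.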

Naveen Vijay

Updated on February 01, 2020

Comments

  • Naveen Vijay
    Naveen Vijay over 4 years

    Azure Active Directory is an "as a service" offering from Azure. I have seen documentation and content from Microsoft stating that it can be used for SSO and other web applications for unified auth.

    Will it be possible to make use of Azure Active Directory as a replacement for Windows Server AD in Azure virtual machines in Virtual Networks? I see that the Windows Server Active Directory installation on an Azure VM involves execution from PowerShell and stuff?

  • Naveen Vijay
    Naveen Vijay about 11 years
    Thanks, got the big doubt clarified. Is there any roadmap for Microsoft to make it a DC / bring DC features into it?
  • astaykov
    astaykov about 11 years
    I am not aware of such intent. I would be surprised if there is. You could achieve that with the IaaS (Infrastructure as a Service) offering from Azure - the Azure Virtual Machines. But you still have to maintain a hard link (via a hardware VPN device) to your local network (connected computers).
  • runxc1 Bret Ferrier
    runxc1 Bret Ferrier about 11 years
    astaykov, do you know if there is anywhere we can go to request this feature?
  • astaykov
    astaykov about 11 years
    This is not the purpose of Azure AD, and has never been. You can go to http://www.mygreatwindowsazureidea.com/ but I doubt this will happen anytime soon, if happens at all.
  • Dennis
    Dennis over 9 years
    Would it be possible to set up a domain controller on a Basic A0 VM that uses a reverse DirSync to Azure AD? The reasoning is so that other VMs can join the domain and we can control RDP access without having to share a common password.
  • Igor Gatis
    Igor Gatis about 9 years
    Really sad Azure AD is not an actual SaaS AD. It would save me tons of hours coming up with my own user-access-control strategy throughout my VMs with RD access. Sigh.
  • Frode Stenstrøm
    Frode Stenstrøm over 8 years
    The answer is correct. However, Microsoft is running a private test where Azure AD works as a normal domain controller. The long-term goal is to provide Domain Controllers as a Service.