Roughly a year after it was released in preview form, Microsoft announced general availability of Azure Active Directory (AAD) Domain Services. In today’s Ask the Admin, I’ll look at the managed service in more detail, and the changes since it previewed last year.
AAD is primarily an identity management solution for apps born in the cloud, but many organizations also deploy full-scale server installations of SharePoint and Exchange in Azure that rely on Active Directory (AD) for user and computer authentication. Because AAD supports a different set of protocols, such as OAuth and OpenID Connect, those workloads also required one or more domain controllers to be deployed.
To address that problem, or as Microsoft puts it, to “lift-and-shift” apps to the cloud, AAD Domain Services extends the capabilities of AAD to provide many of the features of an on-premises AD deployment without needing to install domain controllers (DCs) in the cloud, set up ExpressRoute, or use a VPN to connect on-premises DCs to Azure. AAD Domain Services relieves organizations of having to maintain, secure, and patch DCs in the cloud; it is highly available and priced based on usage.
AAD Domain Services adds some domain controller capabilities to AAD, including Kerberos, Windows Integrated Authentication, NTLM, Group Policy, and Lightweight Directory Access Protocol (LDAP). And although it’s not a necessity, it’s also possible to synchronize AAD with on-premises AD, further expanding the scenarios in which AAD Domain Services could be deployed. For a list of deployment scenarios, and the restrictions of AAD Domain Services in each case, see Deployment scenarios and use-cases on Microsoft’s website.
Since it was first released in preview form last year, Microsoft has added support for secure LDAP, and the ability for “AAD DC Administrators” to configure DNS for managed domains and create custom Organizational Units (OUs). There’s also domain join for Linux, and if you need more information, there’s documentation on how to join Red Hat Linux VMs to a domain. Virtual network peering allows AAD Domain Services to be connected to other virtual networks, such as those deployed using Azure Resource Manager.
Microsoft is offering a discount until December 1, 2016. Pricing is per hour and based on the number of objects in your directory: directories with fewer than 25,000 objects will be charged $0.10 per hour until December 1st and $0.15 per hour after that, while directories with between 25,001 and 100,000 objects will be charged $0.20 per hour until December 1st and $0.40 per hour after that.
Stay tuned to the Petri IT Knowledgebase for more articles on how to use AAD Domain Services soon.