Limit activity on AD site (Azure)

    Hi All.

    I have a question in regards to Sites and Services, and more specifically the Azure resources and how to limit activity to these domain controllers. In a nutshell I have the following configured:

    - Site-to-site VPN connected to Azure
    - Subnet assigned to a VNET in Azure, let's say
    - 2 domain controllers in the subnet

    It is all working well for now, but I want to do a few things on top of the above:

    - Deploy ADFS to a subnet in Azure (2 proxy, 2 ADFS boxes)
    - Lock down ADFS to talk only to the 2 DCs located in Azure
    - From reading, I can configure the hosts file to only connect to the 2 DCs located in Azure.

    Is there a way to stop extra Kerberos requests etc. going to these domain controllers in Azure? At the moment the interesting traffic and the firewall rules on-premises only allow the on-site Active Directory subnet to talk to the Azure Active Directory subnet, but I'm not sure this will work or whether it might cause issues. Is the subnet alone enough to minimize this?

    Has anyone else done something similar? Creating a new domain with trusts etc. is out of the question at this stage.

    Hope this made sense, thanks heaps
    Last edited by RocRick; 24th November 2017, 09:22.
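As an added example (not part of the original post), this is the Sites and Services approach the question alludes to: giving the Azure VNET its own AD site and subnet so that the DC locator steers the ADFS servers to the Azure DCs, rather than pinning names in the hosts file. The site name, subnet range, DC names, site link name and domain name are all placeholders.

```powershell
# Added example, not from the original post. Creates a dedicated AD site for the
# Azure VNET, maps its subnet to that site, and moves the Azure DCs into it so
# clients in that subnet (the ADFS boxes) are located to those DCs by the DC locator.
# All names and ranges below are assumed placeholders; substitute your own.
Import-Module ActiveDirectory

$SiteName   = 'Azure'                        # assumed site name
$Subnets    = @('10.20.0.0/24')              # assumed Azure VNET subnet (DC + ADFS subnet)
$AzureDCs   = @('AZDC01', 'AZDC02')          # assumed Azure DC names
$OnPremSite = 'Default-First-Site-Name'      # assumed on-premises site name
$Domain     = 'contoso.local'                # assumed domain FQDN

# 1. Create the Azure site if it does not already exist.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}

# 2. Associate the Azure subnet(s) with the site. A client whose IP falls in one of
#    these ranges is directed to DCs in this site first by the DC locator.
foreach ($s in $Subnets) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$s'")) {
        New-ADReplicationSubnet -Name $s -Site $SiteName
    }
}

# 3. Move the Azure DCs into the new site (promoted DCs land in the site whose
#    subnet matched at promotion time, often the default site).
foreach ($dc in $AzureDCs) {
    Move-ADDirectoryServer -Identity $dc -Site $SiteName
}

# 4. Link the Azure site to the on-premises site so replication is scheduled
#    across the VPN rather than relying on the default site link.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'OnPrem-Azure'")) {
    New-ADReplicationSiteLink -Name 'OnPrem-Azure' `
        -SitesIncluded $OnPremSite, $SiteName `
        -Cost 100 -ReplicationFrequencyInMinutes 15
}

# 5. Verify from one of the ADFS servers in the Azure subnet: the locator should
#    now return a DC in the Azure site.
Get-ADDomainController -Discover -DomainName $Domain -ForceDiscover |
    Select-Object HostName, Site
```

Site and subnet mapping only influences which DCs clients prefer; it does not block traffic, so the firewall rules between the on-premises and Azure subnets remain the control that actually limits which hosts can reach the Azure DCs.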