Active Directory on VM vs Azure AD Domain Services - azure

We have a couple of VMs in Azure, and want to use one of them as an RDS session host for user workstations. This requires us to buy CALs and set up the appropriate RDS services.
No problem there, but it also requires the VM to be joined to an Active Directory domain, which we don't have.
Azure offers AD Domain Services, but at USD$100 per month, it seems pricey, for not much return.
Since Active Directory is a standard Windows service, is there anything stopping us from simply installing this role on one of our existing VMs and running our own domain controller?
If not, why would anyone be paying monthly for Azure AD DS?
Any advantages to either approach? We're a small enterprise, and will not be using AD for managing resources, only for identity management.

Related

Are there high-availability options for On-premise applications using Azure

We have some dedicated on-premise LOB applications. Access to these apps is through the public Internet. Active Directory Domain Services is used to authenticate users.
In Azure, there are multiple ways to create high-availability; is there something similar for on-premise apps using Azure? By this I mean if one on-premise system is down, traffic is routed to another app.
I know there are some options such as Application Gateway, Traffic manager and Front-door including Azure LB, my question is - are these the right services we should use in an on-premise setting?
For your on-premise environment, you can use the Network Load Balancing (NLB) feature of Windows Server. See details here; it has an Azure-inspired feature too.
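What the NLB suggestion in the answer above looks like in practice, as an added example that is not part of the original answer. The node names APP01 and APP02, the NIC name "Ethernet" and the virtual IP 10.0.0.50/24 are assumptions for illustration; both nodes must have the NLB feature installed and the script is run on APP01 as a local administrator.

```powershell
# Added example: two-node Windows NLB cluster in front of an on-premise LOB web app.
# Assumed (hypothetical) values: nodes APP01/APP02, NIC 'Ethernet', VIP 10.0.0.50/24.
Install-WindowsFeature -Name NLB -IncludeManagementTools

# Create the cluster on this node; the cluster IP is the address clients connect to.
$cluster = New-NlbCluster -InterfaceName 'Ethernet' -ClusterName 'lobapp' `
    -ClusterPrimaryIP 10.0.0.50 -SubnetMask 255.255.255.0 -OperationMode Multicast

# Replace the default rule (all ports) with one that only balances HTTPS.
# Affinity Single keeps a client on the same node, which most session-based LOB apps need.
Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -StartPort 443 -EndPort 443 -Protocol Tcp -Mode Multiple -Affinity Single

# Add the second node. If APP01 drops out, the cluster converges and APP02 keeps answering the VIP.
Add-NlbClusterNode -NewNodeName 'APP02' -NewNodeInterface 'Ethernet'

Get-NlbClusterNode | Format-Table Name, State, HostPriority
```

NLB only notices a node that stops sending cluster heartbeats; a node whose application process has crashed but whose OS is up stays in rotation, so an application-level health check that drains the node (for example with Stop-NlbClusterNode -Drain) still has to come from monitoring. The VIP is reachable from the Internet per the question, so the firewall in front of it should allow only the balanced ports.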

How do I restrict remote AAD (Work/School) connected personal machines with Group Policy enforced from the AADDS VM?

This client's company is fully remote and is looking for a cloud group policy solution.
Is there anyway to use AADDS to accomplish this task?
Thanks,
To manage machines/computers with Group Policy, the machine should be joined to a domain (on-prem domain controller or Azure AD DS). Once the machine is joined to the domain you can apply group policies.
If you are looking to use an Azure AD DS managed instance, it gives the ability to join computers to a domain without any need to manage or deploy a Domain Controller. The users can sign in by using their existing corporate credentials.
If you want to manage Group Policy with an AD DS managed instance, you need to create an additional VM with a server OS and install the required server roles to perform additional operations.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance
Or else you can use Azure AD registered devices. The goal of Azure AD registered devices is to provide your users with support for the bring your own device (BYOD) or mobile device scenarios.
You can find more information here about device management in Azure AD.
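The "additional VM with a server OS" step from the answer above, worked through as an added example that is not part of the original answer. It assumes a managed domain named aaddscontoso.com (hypothetical), a Windows Server VM on a VNet whose DNS servers already point at the managed domain's IPs, and an account that is a member of the AAD DC Administrators group; the GPO contents (disabling the SMBv1 server) are illustrative.

```powershell
# Added example: management VM for an Azure AD DS managed domain, then a GPO
# linked to the built-in OU that receives newly domain-joined computers.
# Assumed (hypothetical) values: managed domain aaddscontoso.com, an account in
# the 'AAD DC Administrators' group.
$domain = 'aaddscontoso.com'

# 1. Join the server VM to the managed domain (the VM's DNS must resolve the
#    managed domain, i.e. the VNet DNS points at the managed domain's IPs).
Add-Computer -DomainName $domain -Credential (Get-Credential "$domain\admin") -Restart

# 2. After the reboot, install management tools only. No DC role is installed;
#    the domain controllers are operated by Microsoft inside the managed domain.
Install-WindowsFeature -Name GPMC, RSAT-AD-Tools, RSAT-DNS-Server

# 3. Build the DN of the built-in 'AADDC Computers' OU from the domain name.
$dn = (($domain -split '\.') | ForEach-Object { "DC=$_" }) -join ','
$ou = "OU=AADDC Computers,$dn"

# 4. Create a GPO, set one registry-backed policy value and link it to the OU.
$gpo = New-GPO -Name 'Baseline - Disable SMBv1 server'
Set-GPRegistryValue -Name $gpo.DisplayName `
    -Key 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
    -ValueName 'SMB1' -Type DWord -Value 0
New-GPLink -Name $gpo.DisplayName -Target $ou -LinkEnabled Yes

# Verify the link is in place (and see what else is linked at that OU).
Get-GPInheritance -Target $ou | Select-Object -ExpandProperty GpoLinks
```

The GPO only reaches computers that are joined to the managed domain and sit under that OU (or a custom OU you create under it); devices that are merely Azure AD registered or Azure AD joined, as in the BYOD scenario mentioned in the answer, never process it.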

Manage and Create Group policy in Azure Virtual Machine?

I don't have on-premises users and computers. I have all my users and computers in Azure AD and I have created an Azure virtual machine to manage my users through Group Policy, but when I applied a group policy it is not working for users. I have also run the gpupdate /force command on the relevant computer.
Use Azure Active Directory Domain Services to join Azure virtual machines to a domain, without having to deploy domain controllers. Use Group Policy to more securely administer domain-joined virtual machines—a familiar way to apply and enforce security baselines on all of your Azure virtual machines.
Kindly check this link and see if it helps. If you have any further queries kindly let me know.
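The first thing to establish for a "GPO not working" report like the one above is whether the computer is actually joined to an AD DS domain at all, since the question says all computers are in Azure AD. The following checks are an added example, not part of the original answer; the managed domain name aaddscontoso.com is an assumption and the script is run elevated on the affected computer.

```powershell
# Added example: triage on a computer where a GPO is not applying.
# Group Policy is processed only by computers joined to an AD DS domain (here an
# Azure AD DS managed domain). Azure AD joined or registered devices are not.
# Assumed (hypothetical) value: managed domain aaddscontoso.com.
$domain = 'aaddscontoso.com'

$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    # dsregcmd shows the cloud join state: 'AzureAdJoined : YES' together with
    # 'DomainJoined : NO' means the device never talks to a domain controller.
    dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined'
    throw "$($cs.Name) is not joined to an AD DS domain; GPOs will not apply."
}

# Domain-joined: confirm a DC of the domain is reachable and the machine's
# secure channel is healthy before suspecting the GPO itself.
nltest /dsgetdc:$domain
Test-ComputerSecureChannel -Verbose

# Refresh and list what was applied, and which GPOs were filtered out and why.
gpupdate /force /wait:120
gpresult /r /scope:computer
gpresult /h "$env:TEMP\rsop.html" /f
```

If PartOfDomain is true and gpresult lists the GPO under "filtered out", the usual causes are the computer sitting outside the OU the GPO is linked to or a security filter on the GPO; if the GPO is not listed at all, check the link and the DNS path to the managed domain.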

Domain controller in Azure replacement

For my graduate project I dove into Microsoft Azure and I had no clue how it worked. Now, a few months later, I need to make some decisions.
For this project I am planning to migrate clients of an MSP to Azure. A typical client currently has 1 DC and 1 RDS in the on-premise setup. Now, to host these servers in Azure it is possible to host the DC as a VM (like in a traditional setup), but I can also set up AAD, AADDS and Azure DNS for the client instead of the DC as a VM. So there is only 1 VM needed (for the RDS).
What is recommended for this?
Azure AD Domain Services is a managed domain. You don't need to provision, configure, or otherwise manage domain controllers for this domain. These management activities are provided as a service by Microsoft. So yes, if you are planning to move to a cloud-only Azure AD tenant, then you do not need a DC VM. You can also use AD DS for a hybrid infrastructure.

Azure Cloud Domain Controller servicing mobile desktops with Azure Connect?

Given the recent updates to Windows Azure I am wondering if it is possible to create a domain controller and file server on Azure, then connect 10 to 20 remote workers using Azure Connect to this "virtual office".
My primary interest is whether or not a domain controller can exist in the cloud and service desktops with Active Directory as they roam. This would eliminate the need for an on-prem server for a small business. Active Directory would be used for desktop logins and group policies, and potentially to authenticate a hosted file server, SharePoint instance, etc.
I see a lot of posts about domain controllers servicing offices over a VPN, and replicated azure domain controllers to onprem domain controllers, but nothing about whether a domain controller can run in the cloud and service roaming desktops (presumably with azure connect).
I am excited and ready for someone to tell me it's not possible. LOL
Yes, this is possible; there are two tutorials that can help you with this:
The first one will help you setup a virtual network: Create a Virtual Network for Cross-Premises Connectivity
The second one will help you to install a new AD Forest in Windows Azure: Install a new Active Directory forest in Windows Azure
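The "install a new forest" step from the answer above, and the self-hosted option the first question on this page asks about, as an added example that is not part of either tutorial. The domain name corp.example.com, the NetBIOS name CORP, the data disk letter F: and the NIC alias are assumptions; the VM is an existing Azure Windows Server VM on a virtual network and the script is run elevated on it.

```powershell
# Added example: promote an existing Azure Windows Server VM to the first DC of a new forest.
# Assumed (hypothetical) values: domain corp.example.com, NetBIOS name CORP,
# a data disk mounted at F:, NIC alias starting with 'Ethernet'.
$domain  = 'corp.example.com'
$netbios = 'CORP'

# 1. A DC must keep its address. In Azure the private IP is made static on the NIC
#    resource (not inside the guest); this only shows what the guest currently has.
#    Once promotion completes, point the VNet's DNS servers at this IP so the
#    RDS host and other VMs can find the domain.
Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'Ethernet*' |
    Select-Object IPAddress, PrefixOrigin

# 2. Install the role plus management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 3. Promote. Database, logs and SYSVOL go on a data disk whose Azure host caching
#    is set to None, so a cached write cannot corrupt the directory on a crash.
#    The DSRM password is the offline recovery credential for the directory:
#    record it in a vault, never in the script.
$dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'
Install-ADDSForest -DomainName $domain -DomainNetbiosName $netbios `
    -ForestMode WinThreshold -DomainMode WinThreshold -InstallDns:$true `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -SafeModeAdministratorPassword $dsrm -Force:$true

# The VM reboots as a domain controller. Afterwards, the RDS host joins with:
#   Add-Computer -DomainName $domain -Credential "$netbios\Administrator" -Restart
```

Two caveats a practitioner would add: the DC VM should have no public IP and its NSG should only admit traffic from the VNet (and from the VPN or Azure Connect link that roaming desktops come in over), and a single DC is a single point of failure for every login, which is part of what the managed Azure AD DS offering is charging for.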
