For my graduate project i dove into Microsoft Azure and i had no clue how it worked. Now, a few months later, i need to make some decisions.
For this project I am planning to migrate clients of an MSP to Azure. A typical client currently has 1 DC and 1 RDS in the on-premise setup. Now to host these servers in Azure it is possible to host the DC as a VM (like in a traditional setup) but I can also setup AAD, AADDS, Azure DNS for the client instead of the DC as a VM. So there is only 1 VM needed (for the RDS).
What is recommended for this?
Azure AD Domain Services is a managed domain. You don't need to provision, configure, or otherwise manage domain controllers for this domain. These management activities are provided as a service by Microsoft. So yes, if you are planning to move to cloud-only Azure AD tenant, then you do not need DC/VM. You can also use, ADDS for hybrid infrastructure.
Related
We have a couple of VMs in Azure, and want to use one of them as an RDS session host for user workstations. This requires us to buy CALs and setup the appropriate RDS services.
No problem there, but it also requires the VM to be joined to an Active Directory domain, which we don't have.
Azure offers AD Domain Services, but at USD$100 per month, it seems pricey, for not much return.
Since Active Directory is a standard Windows service, is there anything stopping us from simply installing this role on one of our existing VMs and running our own domain controller?
If not, why would anyone be paying monthly for Azure AD DS?
Any advantages to either approach? We're a small enterprise, and will not be using AD for managing resources, only for identity management.
We have some dedicated LOB application on-premise applications. Access to these apps is through the public Internet. Active Directory Domain Services is used to authenticate users.
In Azure, there are multiple ways to create high-availability; is there something similar for on-premise apps using Azure? By this I mean if one on-premise system is down, traffic is routed to another app.
I know there are some options such as Application Gateway, Traffic manager and Front-door including Azure LB, my question is - are these the right services we should use in an on-premise setting?
For your on premise environment, you can use Network Load balancing(NLB) feature of Windows Server. See details here, it has an Azure inspired feature too.
I have O365 and Azure Active Directory enabled. Domain is testcompany.com and user can login to O365 with firstname.lastname#testcompany.com
I know how to create virtual network and create virtual machine to it.
And I would like to Web App to support AD authentication.
However I don't know what I need to do to able to join VM to AD. Should I create Azure Domain Services next? I read several articles explaining different features but cannot see what are main steps to perform.
Should I create Azure Domain Services next?
Yes, we should enable Azure AD Domain Services.
Here are the steps:
1.Create the AAD DC Administrators group
2.Create or select a virtual network for Azure Domain services
3.Enable Azure AD domain services
4.Update DNS settings for the Azure Virtual network
5.Enable password synchronization to AAD Domain Services for a cloud-only Azure AD tenant.
After completing the tasks above, you can a VM to the domain by referring to the link.
I would like to ask one question as title. In some requirements we want to use internal AD account to run an application pool which was hosted in cloud service. And we found the instance of the cloud service does not in internal AD environment. Seems we should do some integration configuration before, but I don’t have any idea about it. Any suggestions?
Jeff, you would need to do the following:
1) Setup a Virtual Network in Azure.
Virtual Network: http://msdn.microsoft.com/en-us/library/azure/jj156007.aspx
2) Setup a VPN from your on-premise network to the Azure Virtual Network (VNET). You can use either a Point-to-Site (basically server-to-network) or Site-to-Site (network-to-network) VPN.
Site-to-Site: https://azure.microsoft.com/documentation/articles/vpn-gateway-site-to-site-create/
Point-to-Site: https://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/
3) Create at least one Virtual Machine and configure it as a Domain Controller that is joined to your on-premise Domain. This DC will no different to any other DC you'd setup on-premise.
Stand-alone DC in Azure: http://msdn.microsoft.com/en-us/library/dn275963.aspx
4) Domain-join your Virtual Machines or Paas Web / Worker roles. Web / Worker Roles are slightly tricky but it can be done.
A bit old, but gives you an idea: http://blogs.msdn.com/b/windows_azure_connect_team_blog/archive/2010/12/10/domain-joining-windows-azure-roles.aspx
Then the last thing is to setup App Pool user's as you would normally.
HTH
You can integrate your on-premise Active Directory with your Azure Active Directory.
See: Azure Active Directory
Given the recent updates to Windows Azure I am wondering if it is possible to create a domain controller and file server on Azure, then connect 10 to 20 remote workers using Azure Connect to this "virtual office".
My primary interest is whether or not a domain controller can exist in the cloud and service desktops with Active Directory as they roam. This would eliminate the need for an onprem server for a small business. Active Directory would be used for desktop logins and group policies, and potentially to authenticate a hosted file server, sharepoint instance, etc.
I see a lot of posts about domain controllers servicing offices over a VPN, and replicated azure domain controllers to onprem domain controllers, but nothing about whether a domain controller can run in the cloud and service roaming desktops (presumably with azure connect).
I am excited and ready for someone to tell me it's not possible. LOL
Yes this is possible, there are 2 tutorials that can help you with this:
The first one will help you setup a virtual network: Create a Virtual Network for Cross-Premises Connectivity
The second one will help you to install a new AD Forest in Windows Azure: Install a new Active Directory forest in Windows Azure