Azure Cloud Domain Controller servicing mobile desktops with Azure Connect? - azure

Given the recent updates to Windows Azure I am wondering if it is possible to create a domain controller and file server on Azure, then connect 10 to 20 remote workers using Azure Connect to this "virtual office".
My primary interest is whether or not a domain controller can exist in the cloud and service desktops with Active Directory as they roam. This would eliminate the need for an on-prem server for a small business. Active Directory would be used for desktop logins and group policies, and potentially to authenticate a hosted file server, SharePoint instance, etc.
I see a lot of posts about domain controllers servicing offices over a VPN, and about Azure domain controllers replicating to on-prem domain controllers, but nothing about whether a domain controller can run in the cloud and service roaming desktops (presumably with Azure Connect).
I am excited and ready for someone to tell me it's not possible. LOL

Yes, this is possible; there are two tutorials that can help you with this:
The first one will help you set up a virtual network: Create a Virtual Network for Cross-Premises Connectivity
The second one will help you install a new AD forest in Windows Azure: Install a new Active Directory forest in Windows Azure
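The two tutorial steps the answer points to, as an added example in Azure PowerShell (Az module) plus the promotion commands run inside the VM. This is not code from the answer or from the linked tutorials; the resource names, address ranges, the domain name, the VM image SKU and the data-disk letter (F:) are assumptions to be adjusted.

```powershell
# Added example, not taken from the answer or the linked tutorials.
# Names, address ranges, domain name, VM image SKU and the F: data disk are assumptions.

# ---- Part A: run from an admin workstation with the Az module ----
Connect-AzAccount
$rg       = 'rg-virtual-office'
$location = 'westeurope'
$dcIp     = '10.10.1.4'   # first usable address in the identity subnet (Azure reserves .0-.3)

New-AzResourceGroup -Name $rg -Location $location

# Two subnets: one for the DC, and the literally-named GatewaySubnet that the
# VPN gateway (the cross-premises tutorial's next step) requires.
$dcSubnet = New-AzVirtualNetworkSubnetConfig -Name 'snet-identity' -AddressPrefix '10.10.1.0/24'
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.10.255.0/27'

# Hand out the future DC as the VNet's DNS server up front; every VM and VPN client
# then resolves the _ldap._tcp SRV records it needs to locate the domain.
$vnet = New-AzVirtualNetwork -Name 'vnet-office' -ResourceGroupName $rg -Location $location `
            -AddressPrefix '10.10.0.0/16' -Subnet $dcSubnet, $gwSubnet -DnsServer $dcIp

# Static private IP set on the Azure NIC (never inside the guest) and no public IP:
# the DC is reachable only across the VPN, so RDP/LDAP/SMB are never Internet-exposed.
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'snet-identity' -VirtualNetwork $vnet
$nic = New-AzNetworkInterface -Name 'nic-dc01' -ResourceGroupName $rg -Location $location `
            -SubnetId $subnet.Id -PrivateIpAddress $dcIp

$localAdmin = Get-Credential -Message 'Local administrator for the DC VM (becomes the first domain admin)'
$vm = New-AzVMConfig -VMName 'vm-dc01' -VMSize 'Standard_B2ms' |
    Set-AzVMOperatingSystem -Windows -ComputerName 'dc01' -Credential $localAdmin -ProvisionVMAgent -EnableAutoUpdate |
    Set-AzVMSourceImage -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' -Skus '2022-datacenter' -Version 'latest' |
    Add-AzVMNetworkInterface -Id $nic.Id |
    # Separate data disk with host caching off: the AD database must not sit on a
    # write-cached disk or on the temporary disk.
    Add-AzVMDataDisk -Name 'vm-dc01-ntds' -Lun 0 -CreateOption Empty -DiskSizeInGB 32 -Caching None
New-AzVM -ResourceGroupName $rg -Location $location -VM $vm

# ---- Part B: run inside vm-dc01 once the data disk has been initialised as F: ----
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# The DSRM password is the offline recovery credential for the directory, distinct
# from the domain administrator's password; generate it and store it in a vault.
$dsrm = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString

Install-ADDSForest `
    -DomainName 'corp.example.com' `
    -DomainNetbiosName 'CORP' `
    -InstallDns `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -SafeModeAdministratorPassword $dsrm `
    -Force   # the server reboots when promotion finishes
```

After the reboot, the VPN gateway goes into GatewaySubnet and the roaming laptops connect point-to-site; because the VNet already advertises the DC as its DNS server, those clients can find the domain without any per-machine DNS fiddling.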

Related

Active Directory on VM vs Azure AD Domain Services

We have a couple of VMs in Azure, and want to use one of them as an RDS session host for user workstations. This requires us to buy CALs and set up the appropriate RDS services.
No problem there, but it also requires the VM to be joined to an Active Directory domain, which we don't have.
Azure offers AD Domain Services, but at USD$100 per month, it seems pricey, for not much return.
Since Active Directory is a standard Windows service, is there anything stopping us from simply installing this role on one of our existing VMs and running our own domain controller?
If not, why would anyone be paying monthly for Azure AD DS?
Any advantages to either approach? We're a small enterprise, and will not be using AD for managing resources, only for identity management.

Are there high-availability options for on-premises applications using Azure

We have some dedicated on-premises LOB applications. Access to these apps is through the public Internet. Active Directory Domain Services is used to authenticate users.
In Azure, there are multiple ways to create high availability; is there something similar for on-premises apps using Azure? By this I mean if one on-premises system is down, traffic is routed to another app.
I know there are some options such as Application Gateway, Traffic Manager and Front Door, including Azure LB; my question is, are these the right services we should use in an on-premises setting?
For your on-premises environment, you can use the Network Load Balancing (NLB) feature of Windows Server. See details here; it has an Azure-inspired feature too.

Access on-prem resources via Azure

I'm trying to access on-prem resources (a file share on a file server) via Azure, but I'm stuck and don't know how to continue.
On-prem: 1 Domain Controller and 1 File Server (Server 2019 Std). Both are joined to a local domain. The DC runs Azure AD Connect for sync.
Client: Laptop running Windows 10, joined to Azure AD. It is in a different network.
Goal: the laptop should access the file share.
For sure I could just use a VPN or something, but I'm trying to learn a bit of Azure.
I'm referring to the following Microsoft website: https://learn.microsoft.com/en-us/microsoft-365/business/access-resources
"You can also allow access to on-premises resources like line of business (LOB) apps, file shares, and printers. To allow access, use Azure AD Connect to synchronize your on-premises Active Directory with Azure Active Directory."
I don't think those are related at all. A network path must exist between your laptop and the file share, and Azure AD Connect can help you with authentication/authorization, not with establishing the network connection. You should use a VPN to establish network connectivity, and you can use Azure AD Connect to sync identities so that the same identity can be used to access resources in the cloud and on-premises.

TFS Dual-Tier on Azure with Azure Active Directory

So, I'm trying to set up TFS 2017 on Azure with a separate App tier VM and DB tier VM. I'm trying to connect them, but apparently you can only do multi-tier when in an AD. Am I able to use solely Azure Active Directory for this? If so, how do I set it up? I've not seen any instructions on how to properly do this.
Thanks!
Your issue is similar to this case on ServerFault. Usually, you need to follow the steps below:
create a virtual network
put your VMs into that virtual network so they are in the same network and the domain works
join the domain
install the TFS AT server and DT server.
Note: If you get the error "An Active Directory Domain Controller (AD DC) for the domain “x.x.com” could not be contacted" when joining a Windows 2012 R2 server to a domain in Windows Azure, check the solution here: http://www.itexperience.net/2014/06/06/an-active-directory-domain-controller-ad-dc-for-the-domain-x-x-com-could-not-be-contacted-windows-azure/
A useful guide can be downloaded from: http://vsarplanningguide.codeplex.com/downloads/get/842516
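The domain-join step, with the pre-checks that explain the "AD DC could not be contacted" error the answer warns about, as an added example run inside the application-tier VM. It is not code from the answer or from the linked articles; the DC address (10.0.0.4), the domain name, the OU path and the join account are placeholders.

```powershell
# Added example, not from the answer: run on the TFS application-tier VM after it
# has been placed in the VNet. $dcIp, $domain and the OU path are assumptions.
$dcIp   = '10.0.0.4'
$domain = 'corp.example.com'

# 1. The "could not be contacted" error is almost always name resolution: the VM is
#    still using Azure's default resolver, so the DC-locator SRV lookup fails.
#    Test exactly the record the join process asks for before changing anything.
$srvName = "_ldap._tcp.dc._msdcs.$domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    # Preferred fix: set the DC as the VNet's DNS server in Azure so every VM inherits
    # it. Per-VM fallback (what the linked article does): point this adapter at the DC.
    $adapter = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $dcIp
    Clear-DnsClientCache
    $srv = Resolve-DnsName -Name $srvName -Type SRV   # throws if the DC still cannot be found
}
$srv | Where-Object Type -eq 'SRV' | Format-Table Name, NameTarget, Port -AutoSize

# 2. Confirm the ports a join actually uses are open between the subnets (NSG and
#    Windows Firewall). RPC also needs the dynamic range 49152-65535 on the DC.
foreach ($port in 53, 88, 135, 389, 445, 464) {
    $ok = (Test-NetConnection -ComputerName $dcIp -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    '{0,5} {1}' -f $port, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# 3. Join with an account that has been delegated "create computer objects" on the
#    target OU rather than a Domain Admin, then reboot to finish the join.
$joinCred = Get-Credential -Message "Account delegated to join computers to $domain"
Add-Computer -DomainName $domain -Credential $joinCred `
    -OUPath 'OU=Servers,DC=corp,DC=example,DC=com' -Restart
```

Both TFS tiers go through the same sequence; once the SRV lookup succeeds from each VM, the data-tier and application-tier installers can authenticate to each other with domain accounts.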

Can we integrate with Cloud Service and internal AD environment

I would like to ask one question, as in the title. For some requirements we want to use an internal AD account to run an application pool hosted in a cloud service, and we found that the cloud service instance is not in the internal AD environment. It seems we should do some integration configuration first, but I don't have any idea about it. Any suggestions?
Jeff, you would need to do the following:
1) Setup a Virtual Network in Azure.
Virtual Network: http://msdn.microsoft.com/en-us/library/azure/jj156007.aspx
2) Setup a VPN from your on-premise network to the Azure Virtual Network (VNET). You can use either a Point-to-Site (basically server-to-network) or Site-to-Site (network-to-network) VPN.
Site-to-Site: https://azure.microsoft.com/documentation/articles/vpn-gateway-site-to-site-create/
Point-to-Site: https://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/
3) Create at least one Virtual Machine and configure it as a Domain Controller that is joined to your on-premise Domain. This DC will be no different from any other DC you'd set up on-premise.
Stand-alone DC in Azure: http://msdn.microsoft.com/en-us/library/dn275963.aspx
4) Domain-join your Virtual Machines or PaaS Web / Worker roles. Web / Worker Roles are slightly tricky, but it can be done.
A bit old, but gives you an idea: http://blogs.msdn.com/b/windows_azure_connect_team_blog/archive/2010/12/10/domain-joining-windows-azure-roles.aspx
Then the last thing is to set up the App Pool users as you would normally.
HTH
You can integrate your on-premises Active Directory with your Azure Active Directory.
See: Azure Active Directory
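The last step of the first answer, giving the application pool a domain identity, as an added example for the domain-joined VM case (an IIS host in the VNet after step 4). This is not code from either answer; it uses a group managed service account so there is no password to store or rotate, and the names (CORP, corp.example.com, WEB01, gmsa-web, the MyApp pool and the OU path) are placeholders.

```powershell
# Added example, not from either answer. All names below are placeholders.

# ---- On a machine with the AD PowerShell module, as a domain admin ----
# One-time per forest. -EffectiveImmediately skips the 10-hour replication safety
# wait and is only appropriate in a lab or a single-DC forest.
if (-not (Get-KdsRootKey)) { Add-KdsRootKey -EffectiveImmediately }

# Only members of this group may retrieve the account's password from AD, so a
# compromised host elsewhere in the domain cannot impersonate the app pool.
New-ADGroup -Name 'gMSA-Web-Hosts' -GroupScope Global -GroupCategory Security `
    -Path 'OU=Groups,DC=corp,DC=example,DC=com'
Add-ADGroupMember -Identity 'gMSA-Web-Hosts' -Members 'WEB01$'

New-ADServiceAccount -Name 'gmsa-web' `
    -DNSHostName 'gmsa-web.corp.example.com' `
    -PrincipalsAllowedToRetrieveManagedPassword 'gMSA-Web-Hosts' `
    -KerberosEncryptionType AES128, AES256   # no RC4 for the service's tickets

# ---- On WEB01, after a reboot so its Kerberos ticket carries the new group ----
Install-WindowsFeature RSAT-AD-PowerShell
Install-ADServiceAccount -Identity 'gmsa-web'
if (-not (Test-ADServiceAccount -Identity 'gmsa-web')) {
    throw 'WEB01 cannot retrieve the gMSA password: check group membership and reboot'
}

Import-Module WebAdministration
# identityType 3 = SpecificUser; the trailing $ marks a gMSA and the password stays empty,
# because the host fetches it from AD itself.
Set-ItemProperty 'IIS:\AppPools\MyApp' -Name processModel `
    -Value @{ identityType = 3; userName = 'CORP\gmsa-web$'; password = '' }
Restart-WebAppPool -Name 'MyApp'
```

A classic PaaS Web Role instance is rebuilt on every redeploy, so the membership and `Install-ADServiceAccount` steps would have to run from a startup task; on a persistent domain-joined VM they are done once.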
