Azure Active Directory Domain Services (AADDS)

Azure Active Directory Domain Services (AADDS) is a managed domain service which allows windows domain join, group policy, LDAP, and Kerberos authentication without having to deploy, manage, or patch domain controllers. We could build a Windows VM in Azure, promote it to a domain controller the traditional way like you would on-premise. However this would mean we would need network connectivity back to our on-premise domain, expressroute or VPN and we would need to manage these VMs for patching, downtime, resiliance etc. An Azure AD DS managed domain also allows legacy applications in the cloud that can't use modern authentication.

With AADDS this is fully managed for us by Microsoft, so we dont need to worry about patching, deploying, managing. Microsoft also includes backups and encryption.

We don`t require network connectivity back to on-premise, we can use password hash sync through AD connect and Azure AD as shown in the diagram. So we perform a one way sync of users, groups and credentials from Azure AD

The domain is a unique domain namespace (with a 15 character limit), separate to any other DNS namespace to avoid conflict. In this scenario our on-premise domain name is cloudinspired.com and our Azure AD Domain Services namespace is dscloudinspired.com.

0:33 Introduction to Azure AD Domain Services (AADDS)
03:33 Creating AADDS Managed Domain
06:45 AADDS Portal Settings
08:03 Enable Password Hash Sync Using PowerShell
10:56 Configuring Virtual Network for DNS to Enable VM Domain Join

Learn Active Directory (ADDS) vs Azure Active Directory (AAD) Cloud Identity
   • Learn Azure AD and Active Directory W...  

Subscribe here, new videos posted weekly:
   / @cloudinspired  

Connect to Cloud Inspired social media:
Twitter   / cloud_inspired  
Blog https://www.cloudinspired.com

#aadds
#azureaddomainservices