2020/11/14 Microsoft Cloud Solutions 375 visit(s)
Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and allows administrators to manage permissions and access to network resources. There are 4 types of Microsoft Active Directory, namely:
Microsoft Active Directory (most often referred to as a domain controller) is excellent for managing the authentication and authorization functions for users and computers within an organization. Its reliance upon member computers permanently joined to a domain and protocols such as LDAP for directory querying and Kerberos for directory authentication are no longer suitable for the modern Internet-centric, mobile style of work environment becoming the norm today.
Think of Active Directory as on-premise only, which means all of your authentication infrastructure is running on hardware in house.
Azure Active Directory (AAD) is a version of directory services “in the cloud” hosted on Microsoft Azure. AAD does have quite different capabilities and features compared to Windows Server Active Directory (AD). Its primary function at the moment is to manage users and the myriad of devices (Windows, Apple and Linux PC’s, tablets and smartphones, etc.) that users are employing in their work and social lives, particularly for remote users.
AAD is blurring the distinction between “on-premise" and “remote” users. AAD is the authentication and authorization mechanism for not only Azure, Office 365 and Intune, but is capable of tying in many other third-party authentication systems.
Think of Azure Active Directory as cloud only, which means if you have legacy software you will need to go with Hybrid Azure AD (HAAD).
Hybrid Azure AD is used when you have your local Active Directory (domain controller) on-premise and want to synchronize your data to Azure Active Directory. Instead of having two sets of credentials in two different places, you can add it in the ‘onsite’ domain controller, and it will replicate to Azure AD with the help of a Microsoft software add-on called Azure AD Connect.
Hybrid Azure AD is the first step in achieving one single identity. Today, most of our clients have one set of credentials to log on to their laptop and one set of credentials to log on to their email hosted on Office 365. With Hybrid Azure AD, you can set up the synchronization to Office 365 and manage the users on-premise, using your existing local Domain Controller.
You have two options:
Option #1: You keep your ‘on-premise’ domain controller within your physical location, and install AD Connect to synchronize your users, and their passwords, with Azure AD.
Option #2: Move your existing ‘on-premise’ domain controller into a virtual machine hosted on Azure, install AD Connect to synchronize with Azure AD, and create a VPN connection between your office and the Azure datacenter where your domain controller is now hosted.
Azure Active Directory Domain Services (AAD DS) is a standalone service in Azure that enables a domain controller for virtual machines in Azure, without setting up a standalone server as a domain controller. It creates a domain controller as a service, so you don’t need to worry about downtime, patching or other things.
It syncs users, groups, and passwords from Azure AD to make them available for the virtual computers in an Azure network.
You can use the Active Directory Administrative Center or Active Directory PowerShell to administer managed domains. With AADDS,