
Microsoft Active Directories - What They Are & When To Use Each of Them

2020/11/14   Microsoft Cloud Solutions




Active Directory (AD) is Microsoft's directory service. It runs on Windows Server and lets administrators manage authentication, authorization and access to network resources. Microsoft now offers four services that carry the Active Directory name, and they are not interchangeable:

1. Active Directory (AD)

Microsoft Active Directory, more precisely Active Directory Domain Services (AD DS), is hosted on one or more servers called domain controllers and handles authentication and authorization for users and computers inside an organization. It relies on member computers being permanently joined to a domain, on LDAP for directory queries and on Kerberos (with NTLM as a fallback) for authentication. That model assumes a trusted internal network with line-of-sight to a domain controller, which fits poorly with the Internet-centric, mobile style of work that is becoming the norm today.

Think of Active Directory as on-premises only: all of your authentication infrastructure runs on servers you operate yourself, and remote users reach it only through a VPN.

2. Azure Active Directory (AAD)

Azure Active Directory (AAD, renamed Microsoft Entra ID in 2023) is Microsoft's cloud-hosted identity service. Despite the name it is not Windows Server Active Directory running in the cloud: it has no domain controllers, no LDAP or Kerberos, and a different object model. Its primary job is to manage users and the wide range of devices (Windows, Apple and Linux PCs, tablets and smartphones) that users bring to their work and social lives, particularly remote users.

AAD blurs the distinction between on-premises and remote users, because every sign-in happens over HTTPS from wherever the user is. It is the identity provider for Azure, Office 365 and Intune, and it also federates with third-party applications through standard protocols (OpenID Connect/OAuth 2.0 and SAML), so one account and one set of sign-in policies can cover all of them.

Think of Azure Active Directory as cloud only. Applications that still depend on a domain (Kerberos or NTLM authentication, LDAP lookups, Group Policy) cannot talk to it directly, so if you have such legacy software you will need Hybrid Azure AD (HAAD), described next, or Azure AD Domain Services.

3. Hybrid Azure AD (Hybrid AAD)

Hybrid Azure AD is used when you keep your local Active Directory (domain controllers) on-premises and want to synchronize its identities to Azure Active Directory. Instead of maintaining two sets of credentials in two places, you create the user once in the on-premises domain, and Azure AD Connect, a Microsoft add-on installed on a domain-joined server, replicates the object (and, by default, a hash of the user's password hash) to Azure AD.

Hybrid Azure AD is the first step toward a single identity. Today, most of our clients have one set of credentials to log on to their laptop and another to log on to their email hosted on Office 365. With Hybrid Azure AD, you set up synchronization to Office 365 and keep managing users on-premises with your existing domain controllers.

You have two options:

Option #1: Keep your on-premises domain controllers in your physical location and install Azure AD Connect to synchronize your users, and their password hashes, with Azure AD. Treat the Connect server as you would a domain controller: it holds credentials for both directories and has the right to read password hashes from AD.

Option #2: Move your existing on-premises domain controller into a virtual machine hosted on Azure, install Azure AD Connect to synchronize with Azure AD, and create a site-to-site VPN (or ExpressRoute) connection between your office and the Azure virtual network where your domain controller is now hosted. This is still Windows Server AD; only the hardware has moved, so patching and backing up the domain controller remain your job.
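Option #1 makes the Azure AD Connect server and its sync account a high-value target, because password hash sync requires the right to replicate directory changes from the domain, the same right a DCSync attack abuses. The following PowerShell is an added example, not code from the original post or from Microsoft. It lists the default MSOL_* sync account(s) and their group memberships, then enumerates every principal holding replication rights on the domain partition and flags any holder outside an expected set. It assumes the RSAT ActiveDirectory module on a domain-joined host run by an account that can read the domain ACL; the MSOL_* naming and the expected-holder list are assumptions to adjust for your forest (newer installs may use a custom or group-managed service account instead).

```powershell
# Added example (not from the original post): audit who can replicate directory
# secrets in the on-premises domain that Azure AD Connect syncs from.
# Assumptions: RSAT ActiveDirectory module is installed; the Connect sync account
# uses the default MSOL_* name; $ExpectedHolders reflects a default forest.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName
$nb       = $domain.NetBIOSName

# Extended-right GUIDs that, held together, allow DCSync-style replication of password hashes.
$replRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}

# 1. Locate the Azure AD Connect sync account(s) and report their group memberships.
#    The sync account should not be in any privileged group beyond what Connect set up.
$syncAccounts = Get-ADUser -Filter 'SamAccountName -like "MSOL_*"' -Properties MemberOf, Description, PasswordLastSet
foreach ($acct in $syncAccounts) {
    $groups = ($acct.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' }) -join '; '
    "{0}: password last set {1}; member of: {2}" -f $acct.SamAccountName, $acct.PasswordLastSet, $groups
}

# 2. Enumerate every principal with an Allow ACE for a replication right on the domain naming context.
$acl = Get-Acl -Path "AD:\$domainDN"
$holders = $acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $replRights.ContainsKey($_.ObjectType.ToString()) } |
    Group-Object IdentityReference |
    ForEach-Object {
        [pscustomobject]@{
            Principal = $_.Name
            Rights    = ($_.Group | ForEach-Object { $replRights[$_.ObjectType.ToString()] } | Sort-Object -Unique) -join ', '
        }
    }

# 3. Flag anything outside the expected set. Default holders vary by forest; this list is an
#    assumption covering built-in groups plus the sync account(s) found above.
$ExpectedHolders = @(
    "$nb\Domain Controllers",
    "NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS",
    "BUILTIN\Administrators",
    "$nb\Enterprise Read-only Domain Controllers"
) + ($syncAccounts | ForEach-Object { "$nb\$($_.SamAccountName)" })

foreach ($h in $holders) {
    $status = if ($ExpectedHolders -contains $h.Principal) { 'expected' } else { 'REVIEW' }
    "{0,-8} {1,-50} {2}" -f $status, $h.Principal, $h.Rights
}
```

Any principal reported as REVIEW that holds both Get-Changes and Get-Changes-All can pull every password hash in the domain and deserves the same protection as a domain administrator. Unresolved SIDs in the output usually indicate deleted accounts whose ACEs were never cleaned up and should be removed.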

4. Azure Active Directory Domain Services (AAD DS)

Azure Active Directory Domain Services (AAD DS) is a standalone Azure service that provides a managed Active Directory domain for virtual machines in Azure, without you building a domain controller yourself. Microsoft runs the domain controllers as a service, so downtime, patching and backups are not your concern. The trade-off is that you do not get Domain Admin or Enterprise Admin rights in the managed domain and cannot extend its schema.

It synchronizes users, groups and password hashes one way, from Azure AD into the managed domain, to make them available to virtual machines on an Azure virtual network. Because the managed domain needs NTLM and Kerberos password hashes, cloud-only users must change their password after the service is enabled before they can sign in to it, and for hybrid users Azure AD Connect must be configured to synchronize those legacy hashes.

You administer a managed domain from a domain-joined management VM using the Active Directory Administrative Center or the Active Directory PowerShell module (RSAT). With AADDS:

  • You do not need a virtual machine to host your domain controllers (only a small management VM to run the administration tools).
  • Your virtual machines use the same users and groups as your Azure AD tenant; members of the "AAD DC Administrators" group can manage the domain.
  • Password hashes from your Azure AD tenant are replicated into your managed domain.
  • Your Azure AD Domain Services managed domain is deployed in the same Azure region as the virtual network you choose when enabling the service.
  • AADDS is a continually billed service (you cannot pause or turn it off; you can only delete it).
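The password-hash requirement above is the usual first surprise with AAD DS: a cloud-only user whose password was last set before the managed domain existed has no NTLM or Kerberos hash to synchronize and cannot log on to a domain-joined VM until they change it. The following PowerShell is an added example, not code from the original post or from Microsoft. It uses the Microsoft Graph PowerShell SDK to list enabled users and sort them into ready, needs-password-change, or hybrid (where the hash path is Azure AD Connect rather than a password change). The $EnabledOn date and the output file name are placeholders; it assumes the Microsoft.Graph.Users module and a caller granted User.Read.All.

```powershell
# Added example (not from the original post): which Azure AD users can already
# sign in to an Azure AD DS managed domain, and which still need a password change
# to generate the NTLM/Kerberos hashes the managed domain requires.
# Assumptions: Microsoft.Graph.Users module is installed; caller has User.Read.All.
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes 'User.Read.All' | Out-Null

# Constructed placeholder: set this to the creation date of your managed domain.
$EnabledOn = [datetime]'2020-11-01'

$users = Get-MgUser -All -Property id, userPrincipalName, accountEnabled, onPremisesSyncEnabled, lastPasswordChangeDateTime

$report = foreach ($u in $users) {
    if (-not $u.AccountEnabled) { continue }   # disabled accounts cannot sign in anyway

    $state = if ($u.OnPremisesSyncEnabled) {
        # Hybrid user: hashes reach AAD DS through Azure AD Connect once legacy hash sync
        # is enabled there, so this user is checked on the Connect server, not per user.
        'hybrid (verify Azure AD Connect legacy hash sync)'
    } elseif ($u.LastPasswordChangeDateTime -and $u.LastPasswordChangeDateTime -ge $EnabledOn) {
        # Password was set after the managed domain existed, so a hash was generated for it.
        'ready'
    } else {
        'needs password change'
    }

    [pscustomobject]@{
        UPN             = $u.UserPrincipalName
        State           = $state
        PasswordChanged = $u.LastPasswordChangeDateTime
    }
}

$report | Sort-Object State, UPN | Format-Table -AutoSize

# Placeholder output file: the list of cloud-only users to contact for a password change.
$report | Where-Object State -eq 'needs password change' |
    Select-Object -ExpandProperty UPN |
    Set-Content -Path .\aadds-password-change-needed.txt
```

Run this before pointing VMs at the managed domain; users in the "needs password change" list will otherwise see login failures that look like a broken domain join rather than a missing hash.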
If you have any questions, do not hesitate to get in touch with us.
