Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication. Azure AD DS integrates with your existing Azure AD tenant, which makes it possible for users to sign in using their existing credentials. You use these domain services without the need to deploy, manage, and patch domain controllers in the cloud, which provides a smoother lift-and-shift of on-premises resources to Azure.

This article outlines some common business scenarios where Azure AD DS provides value and meets those needs.

Common ways to provide identity solutions in the cloud

When you migrate existing workloads to the cloud, directory-aware applications may use LDAP for read or write access to an on-premises AD DS directory. Applications that run on Windows Server are typically deployed on domain-joined virtual machines (VMs) so they can be managed securely using Group Policy.

With these approaches, VPN connections to the on-premises directory make applications vulnerable to transient network glitches or outages. If you deploy domain controllers using VMs in Azure, the IT team must manage the VMs, then secure, patch, monitor, back up, and troubleshoot them.

Azure AD DS offers alternatives to the need to create VPN connections back to an on-premises AD DS environment or run and manage VMs in Azure to provide identity services. As a managed service, Azure AD DS reduces the complexity of creating an integrated identity solution for both hybrid and cloud-only environments.

Compare Azure AD DS with Azure AD and self-managed AD DS on Azure VMs or on-premises

Azure AD DS for hybrid organizations

Many organizations run a hybrid infrastructure that includes both cloud and on-premises application workloads. Legacy applications migrated to Azure as part of a lift-and-shift strategy may use traditional LDAP connections to provide identity information. To support this hybrid infrastructure, identity information from an on-premises AD DS environment can be synchronized to an Azure AD tenant. Azure AD DS then provides these legacy applications in Azure with an identity source, without the need to configure and manage application connectivity back to on-premises directory services.

Let's look at an example for Litware Corporation, a hybrid organization that runs both on-premises and Azure resources: