
Azure AD Domain Services Reaches General Availability


Roughly a year after releasing it in preview form, Microsoft has announced general availability of Azure Active Directory (AAD) Domain Services. In today’s Ask the Admin, I’ll look at the managed service in more detail and at the changes made since it previewed last year.




AAD is primarily an identity management solution for apps born in the cloud, but many organizations also deploy full-scale server installations of SharePoint and Exchange in Azure that rely on AD for user and computer authentication. Because AAD supports a different set of protocols, such as OAuth and OpenID Connect, one or more domain controllers also had to be deployed.

To address that problem, or as Microsoft puts it, to “lift-and-shift” apps to the cloud, AAD Domain Services extends the capabilities of AAD to provide many of the features of an on-premises AD deployment without needing to install domain controllers (DCs) in the cloud, or to set up ExpressRoute or a VPN to connect on-premises DCs to Azure. AAD Domain Services relieves organizations of having to maintain, secure, and patch DCs in the cloud, is highly available, and is priced based on usage.

AAD Domain Services adds some domain controller capabilities to AAD, including Kerberos, Windows Integrated Authentication, and NTLM, as well as support for Group Policy and Lightweight Directory Access Protocol (LDAP). Although it’s not a necessity, it’s also possible to synchronize AAD to on-premises AD, further expanding the possible scenarios in which AAD Domain Services could be deployed. For a list of deployment scenarios, and the restrictions of AAD Domain Services in each case, see Deployment scenarios and use-cases on Microsoft’s website.

Since the service was first released in preview form last year, Microsoft has added support for secure LDAP, and the ability for “AAD DC Administrators” to configure DNS for managed domains and create custom Organizational Units (OUs). There’s also domain join for Linux, and if you need more information, there’s documentation on how to join Red Hat Linux VMs to a domain. Virtual network peering allows AAD Domain Services to be connected to other virtual networks, such as those deployed using Azure Resource Manager.

Microsoft is offering a discount until December 1, 2016. Pricing is per hour and based on the number of objects in your directory. Directories with fewer than 25,000 objects will be charged $0.10 during the discount period and $0.15 after December 1st, while directories with between 25,001 and 100,000 objects will be charged $0.20 during the discount period and $0.40 after December 1st.

Stay tuned to the Petri IT Knowledgebase for more articles on how to use AAD Domain Services soon.


IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.