Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Azure AD Domain Services (DCaaS)’ Category

(2016-10-15) Azure AD Domain Services Has Reached GA

Posted by Jorge on 2016-10-15


As of a few days ago, Azure AD Domain Services is Generally Available!

There are quite a few enhancements and features since the service first went into preview late last year.

  • Support for secure LDAP: You can access your managed domain using LDAPS (secure LDAP), including over the internet.
  • Custom OU support: Users in the ‘AAD DC Administrators’ delegated group can create and administer a custom organizational unit on your managed domain.
  • Configure managed DNS for your domain: Users in the ‘AAD DC Administrators’ delegated group can administer DNS on your managed domain using Windows Server DNS administration tools.
  • Domain join for Linux: We’ve worked with RedHat to document how you can join a RedHat Linux VM to your managed domain.
  • New and improved synchronization with your Azure AD tenant: We have re-designed the synchronization between your Azure AD tenant and your managed domain. For existing domains, this new improved synchronization has been rolled out automatically in a phased manner.
  • The ‘password does not expire’ attribute: Some accounts had the ‘password-does-not-expire’ attribute set on them, for example, service accounts. The password policy was being enforced for these accounts in managed domains, resulting in their passwords expiring. Passwords for such accounts will not expire.
  • Incorrect group display name for accounts created in Azure AD: The samAccountName attribute for groups created in Azure AD was not being set correctly in the managed domain. These were being set to GUIDs instead of valid samAccountName values.
  • SID history sync: The on-premises primary user and group SIDs will now be synchronized to your managed domain and set as the SidHistory attribute on corresponding users and groups. This cool feature helps you lift-and-shift your workloads to Azure without having to worry about re-ACLing them.
  • Virtual network peering: The Azure networking team recently announced GA for virtual network peering. This awesome feature makes it easy to connect Domain Services to other virtual networks. You can connect a classic virtual network in which your managed domain is available to workloads deployed in resource manager virtual networks using network peering.
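The SID history sync item above is the one most likely to matter for lift-and-shift ACLs, so it is worth verifying rather than assuming. The following PowerShell is an added example (not code from the original post or from Microsoft) that lists users in the managed domain whose sidHistory does not resolve to a matching on-premises account; the two DC host names are placeholders and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example: verify that on-premises SIDs were synchronised into sidHistory on the
# AAD DS managed domain. Placeholder server names; adjust to your environment.
Import-Module ActiveDirectory

$ManagedDc = 'managed-dc.contoso.local'   # placeholder: a DC of the managed domain
$OnPremDc  = 'dc01.corp.contoso.com'      # placeholder: on-premises DC reachable from this host

function Test-SidHistorySync {
    param(
        [Parameter(Mandatory)] [string] $ManagedServer,
        [Parameter(Mandatory)] [string] $OnPremServer
    )

    # Pull every user from the managed domain together with its sidHistory values.
    $managedUsers = Get-ADUser -Filter * -Server $ManagedServer `
                        -Properties sidHistory, userPrincipalName

    foreach ($u in $managedUsers) {
        if (-not $u.sidHistory -or $u.sidHistory.Count -eq 0) {
            # Cloud-only accounts never had an on-premises SID, so an empty sidHistory
            # is expected for them; report it so the list can be reviewed.
            [pscustomobject]@{ User = $u.SamAccountName; Status = 'NoSidHistory'; OnPremSid = $null }
            continue
        }

        foreach ($sid in $u.sidHistory) {
            # Get-ADUser accepts a SID string as -Identity, so resolve the historical SID on-premises.
            try {
                $onPrem = Get-ADUser -Identity $sid.Value -Server $OnPremServer -Properties userPrincipalName
                $status = if ($onPrem.userPrincipalName -eq $u.userPrincipalName) { 'Matched' } else { 'UpnMismatch' }
            }
            catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
                # sidHistory references a SID that no longer exists on-premises (stale or orphaned).
                $status = 'OrphanedSid'
            }
            [pscustomobject]@{ User = $u.SamAccountName; Status = $status; OnPremSid = $sid.Value }
        }
    }
}

# Show only the entries that need attention; 'Matched' rows are the expected outcome.
Test-SidHistorySync -ManagedServer $ManagedDc -OnPremServer $OnPremDc |
    Where-Object Status -ne 'Matched' |
    Format-Table -AutoSize
```

Run it from a host that can reach both the managed domain and the on-premises directory with an account that can read both; an 'OrphanedSid' row means an ACL relying on that SID will not resolve to a live on-premises principal.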

More information:

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge ############# ######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Azure AD Domain Services (DCaaS), Windows Azure Active Directory

(2015-10-14) Azure Active Directory Domain Services (Preview)

Posted by Jorge on 2015-10-14


Original source: https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-features/

This is really really cool!

Azure Active Directory Domain Services is basically “Domain Controller As A Service (DCaaS)”. You can:

  • “Lift-and-shift” apps to Azure more easily than ever
  • Use LDAP, Active Directory domain join, NTLM, and Kerberos authentication
  • Rely on a managed, highly-available service
  • Get started in minutes, pay as you go
  • Dev and test with no identity worries
  • Manage Azure virtual machines effectively using Group Policy

Azure Active Directory Domain Services lets you join Azure virtual machines to a domain without the need to deploy domain controllers. Users can sign in to these virtual machines using their corporate Active Directory credentials and access resources seamlessly. You can more securely administer domain-joined virtual machines using Group Policy—an easy, familiar way to apply and enforce security baselines on all of your Azure virtual machines.

The following features are available in the Azure AD Domain Services preview release.

  • Simple deployment experience: You can enable Azure AD Domain Services for your Azure AD tenant using just a few clicks. Regardless of whether your Azure AD tenant is a cloud-tenant or synchronized with your on-premises directory, your managed domain can be provisioned quickly.

  • Support for domain-join: You can easily domain join computers in the Azure virtual network that Azure AD Domain Services is available in. The domain join experience on Windows client and Server operating systems works seamlessly against domains serviced by Azure AD Domain Services. You can also use automated domain join tooling against such domains.

  • One domain instance per Azure AD directory: You can create a single Active Directory domain for each Azure AD directory.

  • Create domains with custom names: You can create domains with custom names (e.g. contoso.local) using Azure AD Domain Services. This includes both verified as well as unverified domain names. Optionally, you can also create a domain with the built-in domain suffix (i.e. *.onmicrosoft.com) that is offered by your Azure AD directory.

  • Integrated with Azure AD: You do not need to configure or manage replication to Azure AD Domain Services. User accounts, group memberships and user credentials (passwords) from your Azure AD directory are automatically available in Azure AD Domain Services. New users, groups or changes to attributes occurring in your Azure AD tenant or in your on-premises directory are automatically synchronized to Azure AD Domain Services.

  • NTLM and Kerberos authentication: With support for NTLM and Kerberos authentication, you can deploy applications that rely on Windows Integrated Authentication.

  • Use your corporate credentials/passwords: Passwords for users in your Azure AD tenant work with Azure AD Domain Services. This means users in your organization can use their corporate credentials on the domain – for domain joining machines, logging in interactively or over remote desktop, authenticating against the DC etc.

  • LDAP bind & LDAP read support: You can use applications that rely on LDAP binds in order to authenticate users in domains serviced by Azure AD Domain Services. Additionally, applications that use LDAP read operations to query user/computer attributes from the directory can also work against Azure AD Domain Services.

  • Group Policy: You can leverage a single built-in GPO each for the users and computers containers in order to enforce compliance with required security policies for user accounts as well as domain joined computers.

  • Available in multiple Azure regions: See the supported Azure regions page for a list of Azure regions in which Azure AD Domain Services are available.

  • High availability: Azure AD Domain Services offers high availability for your domain. This offers the guarantee of higher service uptime and resilience to failures. Built-in health monitoring offers automated remediation from failures by spinning up new instances to replace failed instances and to provide continued service for your domain.

  • Use familiar management tools: You can use familiar Windows Server Active Directory management tools such as the Active Directory Administrative Center or Active Directory PowerShell in order to administer domains provided by Azure AD Domain Services.

UPDATE 2015-10-21: Check https://azure.microsoft.com/en-us/regions/#services to see whether this service is (already) available in your region.

Cheers,
Jorge

Posted in Azure AD Domain Services (DCaaS), Windows Azure Active Directory
