In this video I walk through extending your Active Directory into Azure in addition to understanding where Azure AD and Azure AD Domain Services may play a part.
I really appreciate you explaining your thoughts/logic behind how to best set up AD in Azure. This is an excellent video!
My pleasure. Glad its useful.
I love the statement "trust is what it boils down to". 9/10 times it's cost!
Great video and explanation.
Awesome, simplified... thank you Sir.
Great Video and explanations- wish I had found this a few weeks ago to save me hours of trawling knowledge articles and half baked explanations of the differences between those technologies 👍
Glad you found it 😉
Exceptional, great video. Finally I understood what kind of AD is suitable for what kind of scenario.
Great. I just posted the "line between AD and AAD" video as well, which may help too. 🤙
@NTFAQGuy super, I am going to check it out :)
Hello John. Thank you for the video. Very clear explanation. Your teaching is just amazing. Cheers
Glad it was helpful!
great work, very useful!!
Thanks for another one Big J
Wonderful video which describes all the differences very well. Really, thank you.
Glad it was helpful!
enjoying this video for today learning, thanks a lot!
Another awesome 👏🏾 video!
Thanks!
Hi John, great video, keep it up. Please see if you can make some videos of use cases in Azure based on your experience with different customers.
Thanks John, really well explained as always! A RO-DC in the Restroom?! I hope they were doing an "ipconfig /flushdns" regularly!! ;-)
OMG, that's awesome. A challenge coin is yours if you want one. :-)
@NTFAQGuy Yes please. Cannot say no to that! I am a big fan! :-)
@MMTheWGA Email me an address and I'll pop a challenge coin in the mail!
@NTFAQGuy Have sent you a message on LinkedIn, thank you :-)
Great work John. What would you suggest for a lab setup in Azure to play with Active Directory, Azure AD, ADFS with minimum infrastructure. Thanks in advance!
If just for learning, go as cheap as you can with a couple of B-series VMs and make up an AAD tenant. Remember to shut down the VMs when not using them. A trial subscription would be fine for learning.
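The "shut down the VMs when not using them" advice has a billing catch worth making explicit: a VM that is only shut down from inside the guest OS is "stopped" but still allocated, and still bills for compute; only a deallocated VM stops billing. The script below is an added example, not code from the video or from either commenter. It assumes the Az PowerShell module and an existing signed-in session (Connect-AzAccount); the resource group name is a hypothetical lab value.

```powershell
# Added example (not from the video): deallocate every VM in a lab resource group
# so it stops billing for compute. Stop-AzVM without -StayProvisioned deallocates;
# "VM stopped" (guest shutdown only) still bills, "VM deallocated" does not.
# Assumes the Az module is installed and Connect-AzAccount has already been run.
$ResourceGroup = 'rg-ad-lab'   # hypothetical lab resource group name

# -Status populates the PowerState property ("VM running", "VM stopped", "VM deallocated").
$vms = Get-AzVM -ResourceGroupName $ResourceGroup -Status

foreach ($vm in $vms) {
    if ($vm.PowerState -eq 'VM deallocated') {
        Write-Host "$($vm.Name): already deallocated, nothing to do"
        continue
    }

    # A "VM stopped" machine is the trap: it looks off but is still costing compute.
    Write-Host "$($vm.Name): $($vm.PowerState) -> deallocating"
    Stop-AzVM -ResourceGroupName $ResourceGroup -Name $vm.Name -Force
}

# Verify: every VM in the group should now report "VM deallocated".
Get-AzVM -ResourceGroupName $ResourceGroup -Status |
    Select-Object Name, PowerState
```

Run it at the end of each lab session, or wire the same logic into an Azure Automation runbook on a schedule. For domain controllers, deallocating is fine in a throwaway lab, but note that a DC whose machine has been off for longer than the tombstone lifetime will not replicate cleanly again, so keep lab DCs together and bring them all back up at once.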
Hi John, would you say @ 21:00 seems to be common to small and medium businesses and would you call this a Hybrid setup as it seems....thanks for sharing.
I don't think it's size specific. It could be you don't have any AD. You are cloud native, so just AAD with cloud accounts. Then you need to deploy something that needs AD, so AADDS can solve that. You may also be a huge company that just won't put AD in some special cloud situation. It's one tool in your belt. If you already have AD, though, most likely you just extend it to Azure for most scenarios, but good to have options ;)
In all the scenarios that you described, is it implied that you have to have VPN connectivity between your on-premises and the cloud?
If you are hybrid, then S2S VPN or ExpressRoute private peering.
Hi John, thank you for the amazing video, I learned a lot, but wanted to ask some specific questions about deploying AD in the cloud:
So my company does not have an on-prem location, therefore we don't have an AD DC already in place. We telework and will be getting company laptops soon, so I have the task of figuring out how to join the computers to a domain deployed in the cloud (DCs would be in the cloud).
I won't put public IPs on my DCs for security reasons, like you mentioned in the video. To connect the laptops and the VNet where the DCs are, I deployed a P2S VPN which will authenticate them using the DCs as RADIUS servers for authentication.
I have not tried to authenticate using RADIUS or joined any laptops yet (I will comment below once I do just to see how that turned out), but my questions for now are:
Do you think (or know) if it is possible to manage remote devices (company laptops) with group policies, OUs, etc using the AD DCs in Azure?
If I managed to make the laptops connect to the P2S connection at startup using a .bat file (not completely sure if it would work or if that would be secure) do you think users could be asked to authenticate through kerberos before getting access to the laptop (like on premises)?
Thank you very much, I appreciate any feedback.
If you are starting fresh, unless really needed, use Azure AD join instead.
@NTFAQGuy Thanks, I will look into it.
Great video! Are there issues with computer objects, like the trust relationship error we see in on-prem AD, with Azure AD?
It's just AD. If the computer account does not update because the machine is off, etc., you will have the same issues.
I would use on the local machine this PS cmd, Test-ComputerSecureChannel with the -Repair parameter, for computer objects to establish the authentication again.
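To make the Test-ComputerSecureChannel suggestion concrete, the script below is an added example (not from the video or from the commenters). It is run locally on the affected domain-joined machine in an elevated PowerShell session, with the DCs in Azure reachable over the VPN. The domain name and DC name are hypothetical values. The security-relevant point is that -Repair resets the machine account password on both sides in one step, so the machine never has to leave the domain and be rejoined (no new SID, no GPO re-application), and the repair credential is prompted for rather than embedded in the script.

```powershell
# Added example (not from the video): check a domain-joined machine's secure channel
# to its DC and repair it only if it is broken. Run elevated on the affected machine.
# Hypothetical values: domain "corp.contoso.com", Azure-hosted DC "AZ-DC01".
$Domain = 'corp.contoso.com'
$DC     = 'AZ-DC01'   # a DC reachable over the VPN; omit -Server to let the DC locator choose

# 1. Non-destructive check: does the local machine account password still agree with AD?
#    Returns $true/$false and changes nothing.
$healthy = Test-ComputerSecureChannel -Server $DC -Verbose
if ($healthy) {
    Write-Host "Secure channel to $Domain via $DC is healthy; nothing to do."
    return
}

# 2. Repair needs an account allowed to reset this computer object's password
#    (Domain Admins by default, or a delegated account). Prompt for it instead of
#    hard-coding a password in a script that may get copied around.
$cred = Get-Credential -Message "Account with rights to reset this computer's AD password"

# -Repair resets the machine account password in AD and in the local LSA secret
# together, so no unjoin/rejoin is needed.
$repaired = Test-ComputerSecureChannel -Repair -Server $DC -Credential $cred -Verbose
if (-not $repaired) {
    # Fallback: force a fresh machine account password against the named DC.
    Reset-ComputerMachinePassword -Server $DC -Credential $cred
}

# 3. Verify the channel, then confirm Kerberos works end to end by requesting a
#    service ticket for the DC's host SPN.
if (Test-ComputerSecureChannel -Server $DC) {
    klist get "host/$DC.$Domain" | Out-Null
    Write-Host "Secure channel repaired; Kerberos ticket obtained from $DC."
} else {
    Write-Warning ("Secure channel still broken. Check time skew (w32tm /query /status) " +
                   "and that $DC resolves and is reachable over the VPN before considering a rejoin.")
}
```

Two caveats a practitioner will hit: the repair only works while the machine can actually reach a DC, so on a P2S setup the VPN has to be up first, which is exactly the chicken-and-egg the commenter above is worried about; and because the password is reset on one named DC, other DCs will reject the machine until replication catches up, so point -Server at the same DC for the verification step.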
If one uses Azure ADDS, compared to Active Directory in the cloud, and does not utilise the group policies and OU hierarchy from on-premises, are we doing configuration twice? Once in on-prem AD and again in Azure ADDS? Why would one limit oneself and do double work with Azure ADDS vs creating an Active Directory in the cloud? Just for the Kerberos authentication?
Azure ADDS is completely different from on-premises, so completely separate everything. Generally you would just extend AD from on-premises into Azure, if that's what you do.
Hi John, please WVD and migration of existing physical machine
I already did an overview of WVD. Migration I will cover in my upcoming master class.
An interesting challenge to all this would be this - docs.microsoft.com/en-us/azure/active-directory-domain-services/overview
As it is now, the only flaw is that it's not multi-region capable - docs.microsoft.com/en-us/azure/active-directory-domain-services/network-considerations
Removing all onprem/cloud domain controllers and still offer the functionality without need of patching and so forth? Tempting thought indeed...
I cover Azure AD DS in the video.