Should you set up AD DS for a 100% cloud infrastructure?

ASI-23023 25 Reputation points
2023-05-12T09:34:46.87+00:00

Hello,

As part of my school project I have to carry out (simulate) the deployment of a 100% Azure cloud infrastructure, and I would like to know whether there is any real use (in general) in setting up Azure AD Domain Services?

(Do you need to set up domain controllers as in a classic physical infrastructure?)


Accepted answer
  1. Marilee Turscak-MSFT 36,866 Reputation points Microsoft Employee
    2023-05-15T23:44:18.72+00:00

    @ASI-23023

    Yes, you can set up Azure Active Directory Domain Services (Azure AD DS) in a 100% Azure cloud (cloud-only) infrastructure. See: Azure AD DS for Cloud-Only Organizations

    With Azure AD DS, all of the domain service components would be maintained for you by Microsoft. As detailed in Azure AD DS and self-managed AD DS:

    With Azure AD DS, the core service components are deployed and maintained for you by Microsoft as a managed domain experience. You don't deploy, manage, patch, and secure the AD DS infrastructure for components like the VMs, Windows Server OS, or domain controllers (DCs).

    If you are looking to configure a cloud-only environment, your two options are:

    1. Configure Azure AD Domain Services in an Azure AD tenant that doesn't have an on-premises identity source. In this scenario, the user accounts and group memberships would be created and managed directly in Azure AD.
    2. Run a standalone self-managed cloud-only AD DS wherein you configure Azure VMs as domain controllers.

    One thing to note is that Azure AD DS has some limitations and provides a smaller subset of features than a traditional self-managed AD DS environment. Some of these limitations are noted here and include the fact that there will be no AD forests, domains, sites, and replication links to design and maintain. The benefit of using Azure AD DS, though, is that you will get the advantage of domain join, group policy, LDAP, and Kerberos/NTLM authentication, but you won't need to deploy, manage, and patch domain controllers in the cloud.

    References:

    Azure AD DS for Cloud-Only Organizations

    Compare self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services

    Tutorial: Create and configure an Azure Active Directory Domain Services managed domain

    How does Azure AD DS work?

    Youtube: Azure Active Directory Domain Services Overview

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.

    1 person found this answer helpful.
