Windows Active Directory setup in Azure

Archimedes S. Gaviola 0 Reputation points
2024-04-25T07:04:00.1+00:00

Hi,

I plan to set up a Windows Active Directory (AD) using VMs (1 for PDC and 1 for BDC) in the Azure cloud environment, and it should sync with the on-prem AD via the established site-to-site IPsec VPN link. What are the pros and cons? Which is better in terms of cost, considering the same setup with Microsoft Entra ID?

Thanks,

Archimedes


1 answer

  1. Timmy Malmgren 886 Reputation points
    2024-04-25T08:13:26.82+00:00

    Hello

    This can be a very large topic and a difficult question to answer shortly, but I'll give you a summary at least. :)

    Entra ID has a lot more integration with all O365 and Azure services, and is managed by Microsoft with all the resilience you get from that. There are a lot of built-in services you can use to manage your identities through Entra ID. Things such as MFA are very easy to manage as it's just an integrated service, easier mobile management and much more.

    Active Directory of course has more native integration with most applications running inside the Windows OS (although Entra ID is constantly evolving in that area, with Entra joined devices and so on). Most customer cases I have been working with have hybrid environments and also an on-premises Active Directory domain.

    Some fundamentals compared between the two:

    https://learn.microsoft.com/en-us/entra/fundamentals/compare

    Entra Connect

    You can also sync your Active Directory accounts from on-premises to Entra ID to create hybrid identities. These users will exist in both Entra ID and Active Directory, giving you the integration on both services and a more pleasant user experience in hybrid environments.
    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/whatis-azure-ad-connect

    There might be even more things to consider of course.

    If you're setting up the Domain Controllers in Azure as a redundancy for domain-joined servers in Azure, this might be a big argument why it's definitely the right approach. Setting up two additional VMs is of course adding some costs to your environment.
    Entra ID is "free" in its basic form, but a lot of features need licenses for users.

    Using Entra Connect to sync users from on-premises also "forces" you to manage those users in the on-premises Active Directory.

    Since this is a large topic, feel free to ask additional questions :)

    Hope this is helpful and remember shared knowledge is the best knowledge 😊

    Best Regards,

    Timmy Malmgren



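For the setup described in the question (domain controllers in Azure replicating with the on-prem forest over the site-to-site VPN), the check a practitioner wants before relying on those DCs for redundancy is whether inbound replication across the link is actually succeeding. The following script is an added example, not code from the question or the answer; it assumes the Azure DCs sit in an AD site named `Azure` (an assumed site name) and runs on a domain-joined host with the RSAT `ActiveDirectory` PowerShell module.

```powershell
# Added example: report inbound replication health for the domain controllers placed in Azure.
# Assumptions (not from the original thread): the Azure DCs live in an AD site called 'Azure',
# and the RSAT ActiveDirectory module is available on the machine running this.
Import-Module ActiveDirectory

$AzureSiteName = 'Azure'   # assumed site name; adjust to your replication topology
$MaxAgeHours   = 2         # flag partners that have not replicated successfully within this window

$azureDcs = Get-ADDomainController -Filter { Site -eq $AzureSiteName }
if (-not $azureDcs) { throw "No domain controllers found in site '$AzureSiteName'." }

$report = foreach ($dc in $azureDcs) {
    # Inbound partner metadata: which DCs this one pulls from, per naming context, and when it last succeeded.
    $partners = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -PartnerType Inbound
    foreach ($p in $partners) {
        $ageHours = ((Get-Date) - $p.LastReplicationSuccess).TotalHours
        [pscustomobject]@{
            DomainController = $dc.HostName
            # Partner is the DN of the partner's NTDS Settings object; the second RDN is the server name.
            Partner          = (($p.Partner -split ',')[1]) -replace '^CN='
            Partition        = $p.Partition
            LastSuccess      = $p.LastReplicationSuccess
            Failures         = $p.ConsecutiveReplicationFailures
            Stale            = [bool]($ageHours -gt $MaxAgeHours -or $p.ConsecutiveReplicationFailures -gt 0)
        }
    }
}

# Stale or failing partners first: a partner on the other side of the VPN showing up here
# usually points at the tunnel, routing, or the firewall rules for RPC/LDAP/Kerberos.
$report | Sort-Object Stale, LastSuccess -Descending | Format-Table -AutoSize

# Explicit failure records the DCs have logged, with the error they hit.
foreach ($dc in $azureDcs) {
    Get-ADReplicationFailure -Target $dc.HostName -Scope Server |
        Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError
}
```

Run it from a management host on either side of the VPN; a partner marked `Stale` with a non-zero failure count is the row to investigate before treating the Azure DCs as a usable redundancy.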