2,589 questions
If you are just using cloud applications such as Slack etc. that support SAML or OIDC then you do not need AAD DS. AAD DS is only really needed if you need to support legacy applications that require LDAP.
Azure AD Domain Services Setup
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 55.00000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Jordan Lance
66
Reputation points
Hi, we have recently been migrated to Microsoft 365 and are taking a cloud-first approach and so have an active Azure AD setup as part of our Microsoft Business Premium licenses.
The problem we will face soon is that we do not use any LDAP/Azure Domain Services for SSO capabilities and so accounts for Slack, VPN etc. are all licensed locally with each respective application. This poses a future problem with the administration of hundreds, if not thousands of accounts across multiple applications instead of managing them via Azure AD Domain Services.
My question is, how do we go about setting up Azure AD Domain Services when we already have a live and used Azure AD from our M365 licenses?
Any help would be appreciated!
Microsoft Security Microsoft Entra Other
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,631 Reputation points Microsoft Employee Moderator2021-06-10T03:21:07.703+00:00 @Jordan Lance , You have mentioned that you do not use any LDAP/Azure domain services for SSO capabilities . Do you have any application that depends on LDAP for authentication or any legacy auth methods like Kerberos/NTLM authentication in your on-premise setup . Azure AD domain services setup is something that's recommended for cloud-first organizations where your LOB applications do not support modern authentication protocol like oAUth / OpenID and rely on older protocols generally used in on-prem Active directory scenario? If you do not have any such application , you may not need azure AD domain services . ut we can discuss more once you provide information on the kind of applications you are trying to migrate to Azure and if all your users are going to work remotely in future or they will work from a designated physical Office location.
-
Jordan Lance 66 Reputation points
2021-06-10T03:52:10.967+00:00 Hi, thanks for the message back.
In terms of applications, most of our apps are already cloud-based and we just want to link then to be able to login using SSO.
The main ones are things like NetExtender VPN from our Sonicwall Firewall, Eploy Applicant Tracking, Autodesk, Adobe, CMAP etc.
In addition, users will be working from home and in office locations across the UK.
Thanks for your help!
-
Shashi Shailaj 7,631 Reputation points Microsoft Employee Moderator
2021-06-11T19:57:17.777+00:00 @Jordan Lance ,
As far as I know autodesk and Adobe are standalone apps and download the license directly from the web these days so should not be a problem but I would suggest you to check with their enterprise support teams to be sure. The rest I am not sure. If your netextender VPN can only use active directory to verify user creds then you may have to set up Azure AD domain services but first test it out if it works because Azure AD domain services is not exactly similar to On-prem AD .1/2
-
Shashi Shailaj 7,631 Reputation points Microsoft Employee Moderator
2021-06-11T19:57:27.34+00:00 As @Sam Cogan has mentioned in the answer that if the application does support SAML/WSfed/OIDC then you wont need Azure AD domain services. Check with sonicwall support if the netextender VPN component supports oAuth/Open ID connect / SAML / WSfed validation with azure AD . Then probably with their help you can setup a SSO with azure AD. An example for Fortigate SSL VPN is here . And if it does not support SAML then you can setup Azure AD domain services and set the firewall normally . I am not sure how the interface looks like but the process should be similar to any other VPN firewall . Please let me know in case of any further queries If it was helpful , please do accept the answer.
2/2
Sign in to comment
Accepted answer
-
Sam Cogan 10,812 Reputation points Microsoft Employee Volunteer Moderator2021-06-10T08:47:06.64+00:00