Benefits of migration from the Classic to Resource Manager deployment model in Azure Active Directory Domain Services

Azure Active Directory Domain Services (Azure AD DS) lets you migrate an existing managed domain that uses the Classic deployment model to the Resource Manager deployment model. Azure AD DS managed domains that use the Resource Manager deployment model provide additional features such as fine-grained password policy, audit logs, and account lockout protection.

This article outlines the benefits for migration. To get started, see Migrate Azure AD Domain Services from the Classic virtual network model to Resource Manager.

Note

In 2017, Azure AD Domain Services became available to host in an Azure Resource Manager network. Since then, we have been able to build a more secure service using the Azure Resource Manager's modern capabilities. Because Azure Resource Manager deployments fully replace classic deployments, Azure AD DS classic virtual network deployments will be retired on March 1, 2023.

For more information, see the official deprecation notice

Migration benefits

The migration process takes an existing managed domain that uses the Classic deployment model and moves to use the Resource Manager deployment model. When you migrate a managed domain from the Classic to Resource Manager deployment model, you avoid the need to rejoin machines to the managed domain or delete the managed domain and create one from scratch. VMs continue to be joined to the managed domain at the end of the migration process.

After migration, Azure AD DS provides many features that are only available for domains using Resource Manager deployment model, such as the following:

• Fine-grained password policy support.
• Faster synchronization speeds between Azure AD and Azure AD Domain Services.
• Two new attributes that synchronize from Azure AD - manager and employeeID.
• Access to higher-powered domain controllers when you upgrade the SKU.
• AD account lockout protection.
• Email notifications for alerts on your managed domain.
• Use Azure Workbooks and Azure monitor to view audit logs and sign-in activity.
• In supported regions, Azure Availability Zones.
• Integrations with other Azure products such as Azure Files, HD Insights, and Azure Virtual Desktop.
• Support has access to more telemetry and can help troubleshoot more effectively.
• Encryption at rest using Azure Managed Disks for the data on the managed domain controllers.

Managed domains that use a Resource Manager deployment model help you stay up-to-date with the latest new features. New features aren't available for managed domains that use the Classic deployment model.

Next steps

To get started, see Migrate Azure AD Domain Services from the Classic virtual network model to Resource Manager.