Active Directory, Azure Active Directory and Azure AD Domain Services Explained

Captions
In this video I'm gonna try to make sense out of all the directory options from Microsoft. Hello everyone, my name is Travis and this is Ciraltos. There's a lot of confusion with identity services from Microsoft and Azure. I get it: there are like three identity options, all with Active Directory in the name. In this video I'm gonna review the different options and give some examples of how each may be used. Hopefully I'll be able to help answer the question: do we still need domain controllers? Before I jump into that, please take a second to subscribe; it's painless and it might even bring you good luck.

I'm going to just jump into it by outlining the three different directory services that can be somewhat confusing. They are Active Directory Domain Services, Azure Active Directory and Azure Active Directory Domain Services.

First up is Active Directory Domain Services. I've been calling this Active Directory or AD since Server 2000 and I'm not going to stop for this video. Active Directory is an on-premises directory service used by the majority of companies over the past 20-ish years. Here are some characteristics, in no particular order: it's a hierarchical directory; it has an extensible schema; it stores objects such as users, computers, groups and security principals; you can use Group Policies to manage users and devices; it's highly available (multi-master), but that does require multiple servers; it supports Kerberos, LDAP and NTLM for authentication; it's based on standards such as LDAP and DNS; and it requires dedicated domain controllers. Active Directory has been around for a long time and is well documented. It does require dedicated servers and, relatively speaking, it uses a lot of resources: compute for things like backup, version updates and patching; network resources for replication; and also management of users, groups and sites. From my perspective, I can see why some might be interested in an alternative.

Next is Azure Active Directory. If you use O365 or Azure, you have Azure AD. It's very different from Active Directory Domain Services, but the two complement each other. While AD supports network-based authentication like Kerberos and NTLM, Azure AD supports web-based authentication such as OAuth and SAML. Here's a list of characteristics: it's a cloud-based identity solution; it's used for Office 365 and Azure user management; it contains users, groups, applications and security principals; it leverages web-based OAuth 2, SAML 2 or OpenID for authentication; it can be managed with a Graph API; it's multi-tenant and it has a flat architecture; it's not extensible; there are no GPOs; there are four licensing options (Free, Basic, Premium 1 and Premium 2), each one with more features and a higher price as you move along; and it's tenant-based and tied to an enrollment.

Let's pause the overview for a minute and go over how these two directory services complement each other. Remember that Active Directory, the on-premises one, uses network authentication like Kerberos and NTLM, and Azure Active Directory is cloud-based and uses OAuth and SAML for accessing cloud-based services like O365. Now wouldn't it be great if you could synchronize these two somehow, so users and admins didn't have to manage two different identities for services in the cloud and on-premises? Well, let me introduce you to AD Connect. This is a small service that runs on your internal network that replicates IDs and other attributes from Active Directory to Azure Active Directory. It can replicate password hashes and gives users the same username and password for on-premises AD and Azure AD services. It's capable of more than that, but that's outside the scope of this video.

Let's get back to it with the third Active Directory option, this time Azure Active Directory Domain Services. This is close to the traditional on-premises AD that we all know and love, but hosted in Azure. Here are some characteristics: it's a cloud-based PaaS offering; it supports LDAP, Kerberos and NTLM; it's compatible with Windows Active Directory Domain Services and it integrates with Azure AD; there are no domain or enterprise admin accounts; you cannot extend the schema; you cannot trust other forests or domains; and LDAP is read-only. Azure AD Domain Services uses Azure AD as a source for management, so objects added to and managed from Azure AD are replicated to Azure AD DS.

Now what happens if we put all three of these services together? In this configuration, identities are created in AD, synchronized to Azure AD with AD Connect, and then to Azure Active Directory Domain Services. But why would you do this? Let's say you have an IIS application that doesn't support modern authentication and you want to move it quickly to Azure without having to deploy servers as domain controllers. With this model you can lift and shift the server into Azure without deploying AD servers or relying on a VPN or ExpressRoute connection back to your network.

Here's a breakdown of the services and limitations that I went over. This is not all-inclusive by any means, but it should give you an idea of how these services compare to each other.

So, are domain controllers still needed? I've been in this business for 20 years and I'll give you the qualified answer: it depends. If you're cloud native, with no servers on-premises, and using Azure AD Join along with mobile device management solutions like Intune, you may be able to leverage just Azure AD. If you're cloud native but have third-party applications that require Active Directory, you may be able to get away with Azure AD and Azure AD Domain Services. The sticking point will be no domain or enterprise admin; that may become hard to work around, especially with third-party applications. For the rest, companies that rely on traditional Active Directory for user and group management, need to extend schemas and rely on trust relationships, you will be stuck with domain controllers for some time. Azure AD Domain Services can still be leveraged, but it will complement traditional Active Directory, not replace it.

Hopefully this information will help you understand the different directory services offered by Microsoft and how they may be applied to your organization. I hope you found this helpful. Please don't forget to subscribe, and thanks for watching.
Info
Channel: Travis Roberts
Keywords: Azure, Azure Active Directory, Azure Active Directory Domain Services, Azure AD Domain Services, Azure AD DS, Azure AD, Microsoft AD, Microsoft Active Directory, Active Directory Domain Services, Active Directory Explained, Walkthrough, walk through, tutorial, AD Connect, Microsoft Learning, Active Directory Configuration, setup, domain controllers, hybrid, Active Directory Hybrid, NTLM, OAuth, Kerberos, NTLMS
Id: GB1DvtkREzA
Length: 6min 39sec (399 seconds)
Published: Mon Jul 29 2019