Solved

Domain Controller in the cloud

Posted on 2013-05-22
Last Modified: 2014-11-12
I am planning to move all of our services to the cloud. How does a domain controller in the cloud work, and is this something doable? I did some research but it's all too technical for me. We're a small business with few locations and we use AD and have some login scripts. We don't have enough IT support, while outsourcing it is too expensive, which is the reason to have everything hosted. Any recommendations - pros and cons and a brief explanation of how that would work? I see MS Azure might be a good option.
Thanks!
0
Question by:Cozumel
6 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 39188042
I'm not terribly familiar with this concept. However, the domain controller concept and AD itself are a critical key to the rest of your network functioning. While it's possible for a physical or virtual server to take a hit (that's why you have more than one), what happens if your ONLY DC is in the cloud and you lose connectivity to the cloud? I'd suspect that most network things would just fail to work because there's no way to authenticate anyone or resolve a name to an IP or look up resources in AD because there's no connectivity to AD. As I said, I will confess to some level of ignorance on this issue, but this is a really good question to ask.
0
 
LVL 5

Accepted Solution

by:
Eddie-Lopez earned 500 total points
ID: 39188074
Hi,

Yes, having your ADDS in the cloud is definitely doable, and you probably will need to do so if you plan on taking Exchange online or other services as well. Probably you should keep a local DC as well.

We are currently implementing Exchange Online / Office 365 / Lync and first we had to have our AD in the cloud. We are using Windows Azure and it works very nicely; you can check their pricing to see if it fits your needs.

Its pros and cons are based on the fact that your ADDS will come from the cloud, which means that you should have enough Internet bandwidth to deal with this traffic, and if you go offline for some reason you will not have AD functionality (unless you keep a local DC, as stated above). But as long as you have an Internet connection, you won't have to worry about anything else (if you have any trouble, the Azure guys will deal with it). And it is great for mobile users, if you have any.

Hope this helps,

Eddie
0
 
LVL 3

Expert Comment

by:wlacroix
ID: 39188830
We host all our stuff internally on VMware. If you can afford it, it's worth keeping all your stuff inside vs. hosted.

Where you end up paying huge is with links to and from your branches, especially if they are dedicated links.
You can also do it via VPN but there is 100 times more management.

I guess my point is you have lots of options, not just hosted. You're going to ultimately spend the same money on each one; it's a matter of how much management you want to put on IT vs. your other services.

Do the math on each solution and you will see what I am talking about.
0
 
LVL 2

Expert Comment

by:ajjmunoz
ID: 39192952
Why don't you set up an AD LDS instance in case you lose connectivity to the cloud? Or you could set up a read-only domain controller somewhere.
0
 

Author Comment

by:Cozumel
ID: 39229471
Well, here's the thing: I am planning to get Office 365 and all of my services will be in the cloud anyway, so if I lose my internet connection my users won't be able to access anything anyway, but they will still be able to log in to their computers, right? I am even wondering if I need a domain controller at all - does it give any other benefits besides the script and computer policy?
Regarding Azure - Eddie, do they support Active Directory-specific services as well, or do they only make sure your virtual machine is up and running?
0
 
LVL 5

Expert Comment

by:Eddie-Lopez
ID: 39229690
If you lose your Internet connection with no local domain controller, your users will be able to log in to their computers as long as they had logged in before to that specific computer.

On Windows Azure AD services, I'm really not sure if they can manage it since we wanted to manage it ourselves. But here's the website, if you want more info on it:

http://www.windowsazure.com/en-us/services/identity/
0
