Solved

Azure Cloud Active Directory

Posted on 2015-01-20
5
150 Views
Last Modified: 2015-10-11
Hey everyone,

I have three sites where the client does not want to incur the management of physical servers.  They would rather push their AD to the cloud.  Currently they do not have AD just three sites with a mix of WIndows 7 Pro  workstations and no central management.

Based on the diagram I have attached, has anyone setup up anything like this? Azure documentation says that on prem DNS and AD is needed.  I am trying to do it without this and all over a site to site VPN connection.

Any Thoughts?

Azure brainstorm idea
0
Comment
Question by:nappy_d
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40561317
You cannot do what you want. The closest you can get is a VM in azure running as a DC. But at that point, VMs still need management, patching. You are only shuffling off the cost of hardware maintenance. And if a VPN link is down, so it all authentication. I still *strongly* recommend a DC (or RODC) at every site.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 0 total points
ID: 40562868
There has been a change Google cloud wil be used to store company data instead of a NAS at each site. We don't want a DC at each site and even if the VPN link is temporarily lost, Windows profiles will be cached to allow pre-existing users to continue their login.

Have you done such a setup before?

Are there issues with sonicwalls? Or is this agnostic in relation to Vpn hardware.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40563007
I have done it in a lab, and in some larger environments I have a DC in a VM in Azure for redundancy in ADFS scenarios, but I do not have any environments where the *only* DC is in Azure. I still see too many performance and reliability issues to make that practical. YMMV.  As far as VPNs go, a site to site VPN should be fine as long as you stick to industry standards. Most sonicwalls I've seen can be configured to work, but you won't be using their proprietary client or engine.
0
 
LVL 32

Author Closing Comment

by:nappy_d
ID: 40602735
currently testing with AWS.  Found some documentation on AWS on how to set this solution up.
0
 

Expert Comment

by:zimboman
ID: 41035406
Care to share the AWS experience Nappy?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question