Solved

Azure Cloud Active Directory

Posted on 2015-01-20
Last Modified: 2015-10-11
Hey everyone,

I have three sites where the client does not want to incur the management of physical servers. They would rather push their AD to the cloud. Currently they do not have AD, just three sites with a mix of Windows 7 Pro workstations and no central management.

Based on the diagram I have attached, has anyone set up anything like this? Azure documentation says that on-prem DNS and AD are needed. I am trying to do it without this and all over a site-to-site VPN connection.

Any Thoughts?

Azure brainstorm idea
Question by:nappy_d
5 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40561317
You cannot do what you want. The closest you can get is a VM in Azure running as a DC. But at that point, VMs still need management, patching. You are only shuffling off the cost of hardware maintenance. And if a VPN link is down, so is all authentication. I still *strongly* recommend a DC (or RODC) at every site.
 
LVL 32

Accepted Solution

by:
nappy_d earned 0 total points
ID: 40562868
There has been a change: Google cloud will be used to store company data instead of a NAS at each site. We don't want a DC at each site and even if the VPN link is temporarily lost, Windows profiles will be cached to allow pre-existing users to continue their login.

Have you done such a setup before?

Are there issues with SonicWalls? Or is this agnostic in relation to VPN hardware?
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40563007
I have done it in a lab, and in some larger environments I have a DC in a VM in Azure for redundancy in ADFS scenarios, but I do not have any environments where the *only* DC is in Azure. I still see too many performance and reliability issues to make that practical. YMMV. As far as VPNs go, a site-to-site VPN should be fine as long as you stick to industry standards. Most SonicWalls I've seen can be configured to work, but you won't be using their proprietary client or engine.
 
LVL 32

Author Closing Comment

by:nappy_d
ID: 40602735
Currently testing with AWS. Found some documentation on AWS on how to set this solution up.
 

Expert Comment

by:zimboman
ID: 41035406
Care to share the AWS experience, Nappy?
