Solved

Azure Cloud Active Directory

Posted on 2015-01-20
5
147 Views
Last Modified: 2015-10-11
Hey everyone,

I have three sites where the client does not want to incur the management of physical servers.  They would rather push their AD to the cloud.  Currently they do not have AD just three sites with a mix of WIndows 7 Pro  workstations and no central management.

Based on the diagram I have attached, has anyone setup up anything like this? Azure documentation says that on prem DNS and AD is needed.  I am trying to do it without this and all over a site to site VPN connection.

Any Thoughts?

Azure brainstorm idea
0
Comment
Question by:nappy_d
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40561317
You cannot do what you want. The closest you can get is a VM in azure running as a DC. But at that point, VMs still need management, patching. You are only shuffling off the cost of hardware maintenance. And if a VPN link is down, so it all authentication. I still *strongly* recommend a DC (or RODC) at every site.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 0 total points
ID: 40562868
There has been a change Google cloud wil be used to store company data instead of a NAS at each site. We don't want a DC at each site and even if the VPN link is temporarily lost, Windows profiles will be cached to allow pre-existing users to continue their login.

Have you done such a setup before?

Are there issues with sonicwalls? Or is this agnostic in relation to Vpn hardware.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40563007
I have done it in a lab, and in some larger environments I have a DC in a VM in Azure for redundancy in ADFS scenarios, but I do not have any environments where the *only* DC is in Azure. I still see too many performance and reliability issues to make that practical. YMMV.  As far as VPNs go, a site to site VPN should be fine as long as you stick to industry standards. Most sonicwalls I've seen can be configured to work, but you won't be using their proprietary client or engine.
0
 
LVL 32

Author Closing Comment

by:nappy_d
ID: 40602735
currently testing with AWS.  Found some documentation on AWS on how to set this solution up.
0
 

Expert Comment

by:zimboman
ID: 41035406
Care to share the AWS experience Nappy?
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimized for private cloud infrastructures and datacenters, Nano Server is minimalistic, yet super-efficient, OS for services such as Hyper-V and Hyper-V cluster. Learn how you can easily deploy Nano Server and unlock its power!
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question