Eliminate regular domain controller

When we install a server for a customer we always set up a regular installation: a domain controller and a Terminal Server where the users can connect and work.

Is it possible to eliminate the domain controller? Can we just set up a Terminal Server and connect to an Active Directory in the cloud (Azure)?

So that users can log in with their Microsoft Live ID instead of a normal domain name and user?

Asked by Rik Van Lier (Owner, Abicom.pro bvba)
You can go down the route of using Azure VMs as DCs and putting Active Directory in Azure. See here and here.

Azure AD ID and Live ID are not the same.

You can have a Windows Server 2016 server and directly join it to Azure AD if you already have Azure AD set up.

You can link your Live ID so that the workstation can log in with the Live ID instead of a local Windows account / domain account, but it does not mean you can control file server permissions for Azure accounts.

John Tsioumpris (Software & Systems Engineer) commented:
Something I probably missed... when you say "we just setup a Terminal server and connect to a Active Directory in the cloud? Azure?" there is AD infrastructure on the cloud, so why not connect the Terminal Server to it (probably via site-to-site VPN)?
It sounds to me like what you're after is Azure Active Directory Domain Services and not Azure AD; see here. Azure AD is more about identity. You cannot domain join devices to Azure AD in the traditional sense. To the best of my knowledge you can Azure AD join Windows 10 devices, but this is not the same as joining your device to an on-premises or Azure AD DS domain. Remember that Active Directory is made up of 5 parts:

  • Active Directory Domain Services (AD DS): What most people seem to like calling "AD". If you need Kerberos, NTLM, LDAP, DNS, GPOs, etc.
  • Active Directory Certificate Services (AD CS): Internal PKI if you have your own private CA.
  • Active Directory Federation Services (AD FS): To federate internal AD identity with Azure AD identity (on-premises SSO to O365, etc.).
  • Active Directory Lightweight Directory Services (AD LDS)
  • Active Directory Rights Management Services

If you need the services offered by the components above, Azure AD is not for you. I didn't bother going into LDS or RMS as I don't think, based on the business you have described, you would be looking at these. At the end of the day Azure AD is designed to be out floating on the Internet. It's not designed to authenticate you to your Windows terminal services.

Azure Active Directory Domain Services, on the other hand, can. It's basically IaaS for AD (where Microsoft manage the VMs and you just look after your directory). Alternatively you could try putting your VMs in Azure as Azure VMs and using direct connect.
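The answer above hinges on the difference between an Azure AD join and a traditional AD DS domain join. As an added illustration (not code from the thread or from Microsoft), this PowerShell function classifies a Windows device's join state by parsing the output of `dsregcmd /status`; the sample output below is constructed, and running it against a live machine assumes `dsregcmd.exe` is present (Windows 10 / Server 2016 and later).

```powershell
# Added example: classify a device's join state from `dsregcmd /status` output,
# so an admin can tell "Azure AD joined" apart from an AD DS domain join.
function Get-JoinState {
    param([string[]]$StatusLines)   # lines of dsregcmd /status output
    $state = @{}
    foreach ($line in $StatusLines) {
        # dsregcmd prints fields as "   Key : Value"; single-word keys are all we need here
        if ($line -match '^\s*(\S+)\s*:\s*(\S+)') { $state[$matches[1]] = $matches[2] }
    }
    $aad = $state['AzureAdJoined'] -eq 'YES'
    $dom = $state['DomainJoined']  -eq 'YES'
    if ($aad -and $dom) { return 'Hybrid Azure AD joined (on-premises AD DS plus Azure AD)' }
    if ($aad)           { return 'Azure AD joined only (no Kerberos/GPO from AD DS)' }
    if ($dom)           { return 'AD DS domain joined (traditional domain join)' }
    return 'Workgroup / not joined'
}

# Constructed sample output, trimmed to the fields that matter for this check.
$sample = @(
    '+----------------------------------------------------------------------+',
    '| Device State                                                         |',
    '+----------------------------------------------------------------------+',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO'
)
Get-JoinState -StatusLines $sample     # Azure AD joined only (no Kerberos/GPO from AD DS)

# On a real machine (assumes dsregcmd.exe is available):
# Get-JoinState -StatusLines (dsregcmd /status)
```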
Rik Van Lier (Owner, Abicom.pro bvba, Author) commented:
@Learnctx so with Azure Active Directory Domain Services I can connect a server that is on-premises?
If you're looking at moving your servers into Azure you can, yes. It won't eliminate the need for Active Directory on-premises to authenticate, but you could put your RDS and DCs into Azure and eliminate having the servers out there at all; see the use case here. Or must the RDS box remain on-premises?
Rik Van Lier (Owner, Abicom.pro bvba, Author) commented:
Yes, the RDS servers need to be on-premises. So no luck there.

The reason I was thinking of this was because when the on-premises AD server has an issue the users cannot log in anymore.

When I can move the AD into the cloud I do not have this anymore.