Eliminate regular domain controller

When we install a server for a customer we always set up a regular installation: a domain controller and a Terminal Server that the users can connect to and work on.

Is it possible to eliminate the domain controller? Can we just set up a Terminal Server and connect to an Active Directory in the cloud? Azure?

So that users can log in with their Microsoft Live ID instead of a normal domain name and user?
Rik Van Lier, CEO, Asked:

Azure AD ID and Live ID are not the same.

You can have a Windows Server 2016 and directly join it to Azure AD if you already have Azure AD set up.

You can link your Live ID so that the workstation can log in with the Live ID instead of a local Windows account / domain account, but that does not mean you can control file server permissions for Azure accounts.
John Tsioumpris, Software & Systems Engineer, Commented:
Something I probably missed... when you say "we just setup a Terminal server and connect to a Active Directory in the cloud? Azure?", there is AD infrastructure in the cloud, so why not connect the Terminal Server to it (probably via a site-to-site VPN)?
It sounds to me like what you're after is Azure Active Directory Domain Services and not Azure AD; see here. Azure AD is more about identity. You cannot domain join devices to Azure AD in the traditional sense. To the best of my knowledge you can Azure AD join Windows 10 devices, but this is not the same as joining your device to an on-premises or Azure AD DS domain. Remember that Active Directory is made up of 5 parts:

  • Active Directory Domain Services (AD DS): What most people seem to like calling "AD". If you need Kerberos, NTLM, LDAP, DNS, GPOs, etc.
  • Active Directory Certificate Services (AD CS): Internal PKI if you have your own private CA.
  • Active Directory Federation Services (AD FS): To federate internal AD identity with Azure AD identity (on-premises SSO to O365, etc.).
  • Active Directory Lightweight Directory Services (AD LDS)
  • Active Directory Rights Management Services

If you need the services offered by the offerings above, Azure AD is not for you. I didn't bother going into LDS or RMS as I don't think, based on the business you have described, you would be looking at these. At the end of the day Azure AD is designed to be out floating on the Internet. It's not designed to authenticate you to your Windows Terminal Services.

Azure Active Directory Domain Services, on the other hand, can. It's basically IaaS for AD (where Microsoft manage the VMs and you just look after your directory). Alternatively you could try putting your VMs in Azure as Azure VMs and using direct connect.

Rik Van Lier, CEO, Author Commented:
@Learnctx so with Azure Active Directory Domain Services I can connect a server that is on-premises?
If you're looking at moving your servers into Azure you can, yes. It won't eliminate the need for Active Directory on-premises to authenticate, but you could put your RDS and DCs into Azure and eliminate having the servers out there at all; see the use case here. Or must the RDS box remain on-premises?
Rik Van Lier, CEO, Author Commented:
Yes, the RDS servers need to be on-premises. So no luck there.

The reason I was thinking of this was because when the on-premises AD server has an issue the users cannot log in anymore.

When I can move the AD into the cloud I do not have this problem anymore.
You can go down the route of using Azure VMs as DCs and putting Active Directory in Azure. See here and here.
