Active Directory on Cloud (Azure Active Directory)
Maybe a year back I couldn't imagine Active Directory in the cloud. Technology is always changing, and now we have Azure Active Directory (Azure AD or AAD), a cloud-based identity and access management service hosted in Microsoft Azure datacentres.
We can't ignore the fact that this can be a game changer for our industry. It is the same as when Office 365 was introduced long back: at that time I thought it couldn't scale up to the requirements of certain large companies and industries, but surprisingly many large companies have migrated to Office 365. Azure AD might do the same in the longer run. This post discusses Azure Active Directory in detail.
Azure Active Directory is not the same as Windows Server Active Directory running on Domain Controllers. It has its own features and is designed for cloud-based applications, such as Software as a Service applications like Office 365. In a general environment, applications are hosted in the organisation's own datacentre and use its own Active Directory for authentication.
Now, in a changing world and a cloud revolution, many applications are cloud based, hosted in the vendor's datacentre and provided under a Software as a Service delivery model, generally priced by subscription fee, most commonly a monthly or annual fee per user.
Cloud-based Software as a Service applications are easy to manage: no hardware, servers or datacentre are required to install the application, and management and updates are done by the vendor in its cloud datacentre. Many applications are available on multiple devices such as corporate PCs, smartphones and tablets. Credentials are managed in the same way by the local Active Directory and synchronised with Azure AD. You can find the list of applications integrated with Azure AD at http://azure.microsoft.com/en-us/marketplace/active-directory/
Software as a Service applications can be federated to the local AD via ADFS or another federation technology, but managing a different federation trust with each Software as a Service application is not easy when the number of federation trusts is growing fast. Azure AD offers one solution: establish a single federation trust between Azure AD and your local AD, then integrate the SaaS applications with Azure AD. Your users can then SSO to those Software as a Service applications.
Can I replace Local Active Directory Domain Controller with Azure AD?
As an Active Directory administrator, I want to know, or am worried about, how Azure AD is going to affect AD admin work. As of now, local clients cannot communicate with Azure AD directly; you need your local AD to connect with clients and sync with Azure AD.
So we need our local Active Directory to support Azure AD and SaaS applications. As currently feasible, we can set up a site-to-site Azure Virtual Network from your premises to Azure and migrate AD Domain Controllers and ADFS to virtual machines in Azure. You need a good network connection to implement this. Read more from Microsoft at http://msdn.microsoft.com/library/azure/jj156090.aspx