Great video. Now I only have to watch it another 57 times.
Additionally to the very good explanations, I would like to point out that we are all in love with the Millennium Falcon hologram on the shelf in the background.
Thanks!
Great summary! I've been looking for something that explains these differences in easy to understand terms for talks with my clients who ask questions around these topics. Bravo!
Glad it was helpful!
holy hell it's about time someone explained it! Microsoft owes you 3 zillion dollars for this video since they can't figure out how to explain it in any of theirs!
Thanks! I'll send them an invoice :)
@Ciraltos I officially award you the ability to freely download a 180 trial use, straight from MS, Of Windows Server 2019!!!! :)
Super helpful video. It's surprising how difficult it is to find something like this in documentation. With regards to Azure AD / Azure AD DS, what are we truly losing without a Domain Administrator or Enterprise Administrator account? Today, my company utilizes AWS' Managed AD solution. Enterprise admin is maintained and managed by AWS (customer does not have access to this account) but maintains a "scoped" domain admin. There is a builtin group to AWS' Managed AD that is automatically created when a new directory is spun up through AWS' Directory Service. Make your new user a member of this group and they will have the most common permissions for Domain Administrators over a specific OU.
I'm trying to understand some of the caveats I may run into if I opt for Azure AD (and?) Azure AD DS.
Wow, Travis, this is a great video, all other videos were so confusing. This is so crisp and clear. Thanks
Glad you enjoyed it!
Best video on topic. Simple question that was hard to find
I am improving my skills as a penetration tester and taking part on HackTheBox. Having completed two machines (Forest and Monteverde) the gap demonstrating my lack of understanding of the difference between AD and Azure became apparent. Thank you for this video. Have you got a Udemy channel?
Thank you! No Udemy channel but I do have some work published on acloud.guru.
Great work Travis as always.
Thanks!
Excellent overview and comparison of the 3 services, very helpful. Thank you!
Glad it was helpful!
I like it when people with experience are on RUclips
Thank you!
Very well said. I really do not see a reason for it but as companies are convinced it's lower cost than a server. We all have to compile.
The Microsoft tax system.
Thanks!
What a Lovely video! Extremely helpful and of great quality!
I am a geologist with a strong IT background but no formal IT training. I have been tasked to setup some VMs for use by our clients to run our MS Access based database software and for single users these are working out OK.
We are using Azure AD with our Office 365 account and do not have an on-prem server. The direction we want to go in is Windows Virtual Desktop. I have watched your various videos on Azure and have learned a lot. I have setup a WVD VM for work and can connect to it. The problem I have is getting others to connect to the VM. If I understand things correctly, I also need Azure AD Domain Services to allow others in my AD to connect. The problem is when I try to add AAD DS to our subscription, MS always wants me to create a new subscription for Azure. Is there a way around this or am I missing something obvious?
Dang. Great video! VERY informative. Thanks for uploading!
Glad to help!
Thanks for a great and informative video. Very helpful! So my next question is, "If I can't replace my on-prem AD with Azure, why is AAD and AAD-DS even necessary? To lift-n-shift a legacy website? Seems like a missed opportunity to me. Also, and I know I'll get flamed for this, you're pronouncing Azure wrong. It's not ah-ZURE, it's AZH-er.
Thanks Travis for this content... I will appreciate if you answer my query.
If my on-prem ADDS and Azure ADDS are synced with AAD Connect, can I use Azure ADDS to authenticate and authorize on-prem users for intranet resources also?
And can Azure ADDS be used as a DR for on-prem ADDS?
Regards,
Great video, thank you for the information. Can you maybe expand on how Azure ADDS compares to the functionality of Windows ADDS when applied to non-vm devices such as laptops or tablets? Can they be managed solely (or in any way) by Azure ADDS or is Intune required?
Interested in the answer if you found it. Thanks
Thank you! Got to know about the AAD DS and you were able to explain it in detail within this time period. By the way, what kind of applications do you use in making your videos?
Thanks. I use Davinci Resolve for editing, OBS for screen capture and record the audio with Audacity
Travis Roberts thank you for sharing
I am currently using on-prem AD, but require MFA, what do you suggest?
Great Explanation Thanks
Great explanation, but slightly slippage to AAD domain service part. Can you clarify it a bit wider?
More to come on Azure AD Domain Services shortly.
Awesome explanation!
Thanks!
Good video. Thanks for posting.
Thank you too!
If I have Azure AD DS running in Azure and no DCs on premise, can I just have that running and join all my on premise machines to the AADDS and leverage all the same functions like group policy?
Well thought out and delivered, thank you.
Glad it was helpful!
Crystal clear. Thanx
Thank you!
Excellent talk. Many thanks for sharing (Y)
My pleasure!
Great video, does anyone know how much this costs? And does this replace the need for a traditional AD service on Microsoft's Windows 10 VDI offering?
Here is a link to the pricing page azure.microsoft.com/en-us/pricing/details/active-directory-ds/
It can work with WVD to replace traditional Windows AD.
Thanks for clearing this all up but wow. Microsoft had to really over complicate this stuff, hell. Setting up Windows Enterprise I couldn't join my AD Domain afterwards because it was Joined to Azure AD, I mean... What?
Thanks Travis!
Great, but one hole I can't figure out. Per your example for one of the reasons why would you do this. (To move an IIS server that doesn't support modern auth quickly to Azure without setting up DCs in Azure) Once you set this up and move the IIS server into Azure how does the IIS server then support modern authentication? Just by forklifting an IIS server into Azure enables IIS to support modern auth? Thanks!!
Nothing changes other than the AD DS is a PaaS offering. The advantage is that it’s different than the corporate internal domain. From an architectural standpoint, it would still use IIS auth.
@Ciraltos Thanks, so if you want modern auth, or things like conditional access to the IIS server, you could do the Azure AD app proxy, correct?
Correct, that could control access before IIS.
Wow, I have to say Thank you!
Thank you, Travis. Very helpful.
Glad it was helpful!
Great outline .. thanks
You are welcome!
I'm a bit confused why we need Windows AD once migrated to the Azure cloud. It seems to be duplication for authentication of end users.
Thanks for clearing this up!
Do you have in depth tutorials about these topics ? Great Video
Not yet, but possibly in the future. Thanks!
helpful. Got clarity !!!
Glad it helped
Nicely done and informative. Thank you.
Thanks so much. This is very helpful.
Good info. Do you consult?
For videos like these I would like to be able to hit LIKE 100500 times
Thank you X100500 :)
Really thanks for clarifying....
Crystal Clear! Thanks
Great video! Thank you for the info.
Can I use Azure Active Directory Domain Services for on-premises users?
I do not have an on-premises domain controller for users/system management and to apply group policies.
Yes, but there are some limitations. You can't extend AAD DS to the on-premises network, it would require a persistent connection between the on-prem network and the VNet. Take a look at Intune for user and system management. That may get you what you need without a domain.
Thank you!! Super helpful.
Glad it was helpful!
Thank you!
Very interesting! Great job
Subbed. Good info.
Thanks for the sub!
Could you please make available that table that you showed at 5:15?
Sure, it's at the bottom of the post here www.ciraltos.com/active-directory-domain-service-azure-active-directory-and-azure-active-directory-domain-service-explained/
Where does this mess end.
I'm in network working - All I heard was AD Active Directory Azure Domain Services AD Linux AD Domain Services Azure Samba AD Domain Services Root Domain Services AD Azure Services and no Enterprise Admin.
IMO group policy is a big deal and it's only available in traditional Active Directory.
Azure AD DS supports Group Policies. Azure AD does not.
What a first-class mess Microsoft has created.
Even I can read from the ppt so why bother reading it. Just put the ppt instead of video.
You are a text reader. Nothing more. Do you understand what you are reading there?