You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory-domain-services/compare-identity-solutions.md
+6Lines changed: 6 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,13 +23,17 @@ Although the three Active Directory-based identity solutions share a common name
23
23
24
24
***Active Directory Domain Services (AD DS)** - Enterprise-ready lightweight directory access protocol (LDAP) server that provides key features such as identity and authentication, computer object management, group policy, and trusts.
25
25
* AD DS is a central component in many organizations with an on-premises IT environment, and provides core user account authentication and computer management features.
26
+
* For more information, see [Active Directory Domain Services overview in the Windows Server documentation][overview-adds].
26
27
***Azure Active Directory (Azure AD)** - Cloud-based identity and mobile device management that provides user account and authentication services for resources such as Office 365, the Azure portal, or SaaS applications.
27
28
* Azure AD can be synchronized with an on-premises AD DS environment to provide a single identity to users that works natively in the cloud.
29
+
* For more information about Azure AD, see [What is Azure Active Directory?][whatis-azuread]
28
30
***Azure Active Directory Domain Services (Azure AD DS)** - Provides managed domain services with a subset of fully-compatible traditional AD DS features such as domain join, group policy, LDAP, and Kerberos / NTLM authentication.
29
31
* Azure AD DS integrates with Azure AD, which itself can synchronize with an on-premises AD DS environment. This ability extends central identity use cases to traditional web applications that run in Azure as part of a lift-and-shift strategy.
30
32
31
33
This overview article compares and contrasts how these identity solutions can work together, or would be used independently, depending on the needs of your organization.
32
34
35
+
To get started, [create an Azure AD DS managed domain using the Azure portal][tutorial-create].
36
+
33
37
## Azure AD DS and self-managed AD DS
34
38
35
39
If you have applications and services that need access to traditional authentication mechanisms such as Kerberos or NTLM, there are two ways to provide Active Directory Domain Services in the cloud:
@@ -116,3 +120,5 @@ To get started with using Azure AD DS, [create an Azure AD DS managed domain usi
Copy file name to clipboardExpand all lines: articles/active-directory-domain-services/overview.md
+7-1Lines changed: 7 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,6 +19,8 @@ ms.author: iainfou
19
19
20
20
Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication that is fully compatible with Windows Server Active Directory. You use these domain services without the need to deploy, manage, and patch domain controllers in the cloud. Azure AD DS integrates with your existing Azure AD tenant, which makes it possible for users to sign in using their existing credentials. You can also use existing groups and user accounts to secure access to resources, which provides a smoother lift-and-shift of on-premises resources to Azure.
21
21
22
+
To get started, [create an Azure AD DS managed domain using the Azure portal][tutorial-create].
23
+
22
24
Azure AD DS replicates identity information from Azure AD, so works with Azure AD tenants that are cloud-only, or synchronized with an on-premises Active Directory Domain Services (AD DS) environment. The same set of Azure AD DS features exist for both environments.
23
25
24
26
* If you have an existing on-premises AD DS environment, you can synchronize user account information to provide a consistent identity for users.
@@ -49,7 +51,11 @@ Azure AD DS offers alternatives to the need to create VPN connections back to an
49
51
50
52
## Azure AD DS features and benefits
51
53
52
-
To provide identity services to applications and VMs in the cloud, Azure AD DS is fully compatible with a traditional AD DS environment for operations such as domain-join, secure LDAP (LDAPS), Group Policy, DNS management, and LDAP bind and read support. LDAP write support is available for objects created in the Azure AD DS managed domain, but not resources synchronized from Azure AD. The following features of Azure AD DS simplify deployment and management operations:
54
+
To provide identity services to applications and VMs in the cloud, Azure AD DS is fully compatible with a traditional AD DS environment for operations such as domain-join, secure LDAP (LDAPS), Group Policy, DNS management, and LDAP bind and read support. LDAP write support is available for objects created in the Azure AD DS managed domain, but not resources synchronized from Azure AD.
55
+
56
+
To learn more about your identity options, [compare Azure AD DS with Azure AD, Active Directory Domain Services on Azure VMs, and Active Directory Domain Services on-premises][compare].
57
+
58
+
The following features of Azure AD DS simplify deployment and management operations:
53
59
54
60
***Simplified deployment experience:** Azure AD DS is enabled for your Azure AD tenant using a single wizard in the Azure portal.
55
61
***Integrated with Azure AD:** User accounts, group memberships, and credentials are automatically available from your Azure AD tenant. New users, groups, or changes to attributes from your Azure AD tenant or your on-premises AD DS environment are automatically synchronized to Azure AD DS.
Copy file name to clipboardExpand all lines: articles/active-directory-domain-services/password-policy.md
+5Lines changed: 5 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -42,6 +42,11 @@ To complete this article, you need the following resources and privileges:
42
42
43
43
Fine-grained password policies (FGPPs) let you apply specific restrictions for password and account lockout policies to different users in a domain. For example, to secure privileged accounts you can apply stricter account lockout settings than regular non-privileged accounts. You can create multiple FGPPs within an Azure AD DS managed domain and specify the order of priority to apply them to users.
44
44
45
+
For more information about password policies and using the Active Directory Administration Center, see the following articles:
46
+
47
+
*[Learn about fine-grained password policies](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770394(v=ws.10))
48
+
*[Configure fine-grained password policies using AD Administration Center](/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-#fine_grained_pswd_policy_mgmt)
49
+
45
50
Policies are distributed through group association in an Azure AD DS managed domain, and any changes you make are applied at the next user sign-in. Changing the policy doesn't unlock a user account that's already locked out.
46
51
47
52
Password policies behave a little differently depending on how the user account they're applied to was created. There are two ways a user account can be created in Azure AD DS:
0 commit comments