You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory-domain-services/compare-identity-solutions.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
9
9
ms.subservice: domain-services
10
10
ms.workload: identity
11
11
ms.topic: overview
12
-
ms.date: 01/22/2020
12
+
ms.date: 03/30/2020
13
13
ms.author: iainfou
14
14
15
15
#Customer intent: As an IT administrator or decision maker, I want to understand the differences between Active Directory Domain Services (AD DS), Azure AD, and Azure AD DS so I can choose the most appropriate identity solution for my organization.
Copy file name to clipboardExpand all lines: articles/active-directory-domain-services/concepts-forest-trust.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
9
9
ms.subservice: domain-services
10
10
ms.workload: identity
11
11
ms.topic: conceptual
12
-
ms.date: 11/19/2019
12
+
ms.date: 03/30/2020
13
13
ms.author: iainfou
14
14
---
15
15
@@ -106,11 +106,11 @@ The outbound forest trust for Azure AD Domain Services is created in the Azure p
106
106
107
107
Many inter-domain and inter-forest transactions depend on domain or forest trusts in order to complete various tasks. This section describes the processes and interactions that occur as resources are accessed across trusts and authentication referrals are evaluated.
108
108
109
-
### Overview of Authentication Referral Processing
109
+
### Overview of authentication referral processing
110
110
111
111
When a request for authentication is referred to a domain, the domain controller in that domain must determine whether a trust relationship exists with the domain from which the request comes. The direction of the trust and whether the trust is transitive or nontransitive must also be determined before it authenticates the user to access resources in the domain. The authentication process that occurs between trusted domains varies according to the authentication protocol in use. The Kerberos V5 and NTLM protocols process referrals for authentication to a domain differently
112
112
113
-
### Kerberos V5 Referral Processing
113
+
### Kerberos V5 referral processing
114
114
115
115
The Kerberos V5 authentication protocol is dependent on the Net Logon service on domain controllers for client authentication and authorization information. The Kerberos protocol connects to an online Key Distribution Center (KDC) and the Active Directory account store for session tickets.
116
116
@@ -126,7 +126,7 @@ If the client uses Kerberos V5 for authentication, it requests a ticket to the s
126
126
* If yes, send the client a referral to the next domain on the trust path.
127
127
* If no, send the client a logon-denied message.
128
128
129
-
### NTLM Referral Processing
129
+
### NTLM referral processing
130
130
131
131
The NTLM authentication protocol is dependent on the Net Logon service on domain controllers for client authentication and authorization information. This protocol authenticates clients that do not use Kerberos authentication. NTLM uses trusts to pass authentication requests between domains.
132
132
@@ -142,7 +142,7 @@ If the account does not exist in the database, the domain controller determines
142
142
* If yes, pass the authentication request on to the next domain in the trust path. This domain controller repeats the process by checking the user's credentials against its own security accounts database.
143
143
* If no, send the client a logon-denied message.
144
144
145
-
### Kerberos-Based Processing of Authentication Requests Over Forest Trusts
145
+
### Kerberos-based processing of authentication requests over forest trusts
146
146
147
147
When two forests are connected by a forest trust, authentication requests made using the Kerberos V5 or NTLM protocols can be routed between forests to provide access to resources in both forests.
Copy file name to clipboardExpand all lines: articles/active-directory-domain-services/overview.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
9
9
ms.subservice: domain-services
10
10
ms.workload: identity
11
11
ms.topic: overview
12
-
ms.date: 01/22/2020
12
+
ms.date: 03/30/2020
13
13
ms.author: iainfou
14
14
15
15
#Customer intent: As an IT administrator or decision maker, I want to understand what Azure AD DS is and how it can benefit my organization.
@@ -49,7 +49,7 @@ Azure AD DS offers alternatives to the need to create VPN connections back to an
49
49
50
50
## Azure AD DS features and benefits
51
51
52
-
To provide identity services to applications and VMs in the cloud, Azure AD DS is fully compatible with a traditional AD DS environment for operations such as domain-join, secure LDAP (LDAPS), Group Policy and DNS management, and LDAP bind and read support. LDAP write support is available for objects created in the Azure AD DS managed domain, but not resources synchronized from Azure AD. The following features of Azure AD DS simplify deployment and management operations:
52
+
To provide identity services to applications and VMs in the cloud, Azure AD DS is fully compatible with a traditional AD DS environment for operations such as domain-join, secure LDAP (LDAPS), Group Policy, DNS management, and LDAP bind and read support. LDAP write support is available for objects created in the Azure AD DS managed domain, but not resources synchronized from Azure AD. The following features of Azure AD DS simplify deployment and management operations:
53
53
54
54
***Simplified deployment experience:** Azure AD DS is enabled for your Azure AD tenant using a single wizard in the Azure portal.
55
55
***Integrated with Azure AD:** User accounts, group memberships, and credentials are automatically available from your Azure AD tenant. New users, groups, or changes to attributes from your Azure AD tenant or your on-premises AD DS environment are automatically synchronized to Azure AD DS.
@@ -69,7 +69,7 @@ For hybrid environments that run AD DS on-premises, you don't need to manage AD
69
69
70
70
## How does Azure AD DS work?
71
71
72
-
To provide identity services, Azure creates an AD DS instance on a virtual network of your choice. Behind the scenes, a pair of Windows Server domain controllers is created that run on Azure VMs. You don't need to manage, configure, or update these domain controllers. The Azure platform manages the domain controllers as part of the Azure AD DS service.
72
+
To provide identity services, Azure creates an AD DS instance on a virtual network of your choice. Behind the scenes, a pair of Windows Server domain controllers are created that run on Azure VMs. You don't need to manage, configure, or update these domain controllers. The Azure platform manages the domain controllers as part of the Azure AD DS service.
73
73
74
74
The Azure AD DS managed domain is configured to perform a one-way synchronization from Azure AD to provide access to a central set of users, groups, and credentials. You can create resources directly in the Azure AD DS managed domain, but they aren't synchronized back to Azure AD. Applications, services, and VMs in Azure that connect to this virtual network can then use common AD DS features such as domain join, group policy, LDAP, and Kerberos / NTLM authentication.
0 commit comments