Azure Active Directory Domain Services Flashcards
What are some limitations of Azure Entra ID that can pose challenges for modern application developers or organizations during cloud migrations?
Azure Entra ID may not support legacy authentication protocols such as Group Policy, LDAP, NTLM, and Kerberos, which are required by some legacy applications.
What are some possible solutions to address the limitations of Azure Entra ID?
Solutions include continuing to use on-premises AD and syncing to Entra ID with Entra ID Connect, configuring an Active Directory server on an Azure VM (self-managed AD DS), or using Entre ID Domain Services.
How does Entra ID Domain Services (EID DS) work?
Entra ID DS is a managed service that provides classic AD features in Azure. It eliminates the need for OS configuration and management and includes two Windows domain controllers for high availability. It operates as a standalone domain with a unique namespace and domain name.
What is the sync relationship between MS Entra ID and MS Entra DS?
Entra ID DS has a one-way sync from MS Entra ID to Entra ID DS. Additionally, Entra ID may have a bidirectional sync with an organization’s on-premises AD, allowing for identity synchronization.
Can you provide a scenario where Entra ID DS would be useful?
Entra ID DS is useful when migrating or integrating legacy applications that do not support modern authentication protocols. For example, in a scenario where legacy enterprise applications need to be lifted and shifted to Azure VMs but do not support modern authentication, Entra ID DS can provide a managed cloud-hosted solution for identity and authentication needs.
What are the benefits of using Entra ID DS?
Entra ID DS provides legacy AD features as a managed service in Azure, eliminating the need for infrastructure maintenance. It integrates with Azure Entra ID and is helpful for migrating or integrating legacy applications that do not support modern protocols.
