I have a long Active Directory history. In fact, I started working with Microsoft identities way before there was an AD, back in the days of Microsoft LAN Manager, then worked with Windows NT from the early beta releases on, and the same with Windows 2000 and subsequent editions. So the news of Azure AD Domain Services caught my attention.

Aside from Microsoft Azure AD (Active Directory), which despite its name has been a new type of directory service without support for features such as Kerberos, NTLM, or even LDAP, Microsoft has offered Active Directory domain controllers as Microsoft Azure instances for a long time now. However, the latter are just domain controllers running on Azure instead of running on-premises.

With the new Azure AD Domain Services, Azure AD effectively becomes a domain controller, supporting the features listed above plus group policies. Services running in an Azure Virtual Network can rely on these AD services. Thus, applications that require AD can be moved to Azure more easily and rely on Azure AD Domain Services there. Furthermore, Azure AD can connect back to the on-premises AD infrastructure via Azure AD Connect. Users can then sign in to the domain with their existing credentials, while other users can be on-boarded and managed directly in Azure AD.

This announcement is great news for organizations that want to move more applications to the cloud but have struggled with AD dependencies until now. There will be concerns about maintaining credentials in a cloud service. On the other hand, many organizations already rely on Azure AD Connect, for example when integrating Office 365 with their on-premises Active Directory.

Together with other new features such as Azure AD B2B and B2C, Microsoft now offers a multitude of options to extend existing Active Directory environments into the cloud, supporting a broad variety of customer use cases. My rating as a long-term Active Directory guy: Cool stuff.