Azure Active Directory Domain Services Integration
This service lets you consume AD Domain Services as a service in Azure. It delivers two domain controllers with a small footprint of management options and integrates directly with your Azure AD. It's an excellent option if you want to move entirely to the cloud while keeping everything you use on-premises, and it gives smaller companies the opportunity to operate without a local infrastructure. Just imagine that a main legacy line-of-business (LOB) application can now be used in an Azure AD integration scenario, with everything managed under service conditions.
The solution supports NTLM/Kerberos and LDAP applications. You can also expose LDAP securely, for example for printing solutions. We used this option in Chapter 1, Building and Managing Azure Active Directory. Note that you need to activate the password hash sync option in Azure AD Connect so that users can be successfully synced between Azure AD and Azure AD Domain Services. Furthermore, you benefit from the following additional features:
- AD account lockout protection—Users are locked out for 30 minutes if five invalid passwords are used within 2 minutes. Accounts are automatically unlocked after 30 minutes.
- Custom organizational units (OUs)—You are able to create multiple OUs.
- Group policy support—You are able to use group policies to manage servers.
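
To see how the account lockout rule above plays out over a stream of failed sign-ins, the following added example (not from the book or from Microsoft) replays constructed failure events through a simplified model of the rule: five failures inside a 2-minute window lock the account for 30 minutes. The function name, the sample events, and the sliding-window counting are assumptions; the service's own counter logic may differ in detail.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the lockout rule stated in the text.
THRESHOLD = 5
WINDOW = timedelta(minutes=2)
LOCKOUT = timedelta(minutes=30)

# Constructed sample data: (timestamp, account) for each failed sign-in.
SAMPLE_EVENTS = (
    [(f"2024-01-08T09:00:{s:02d}", "alice") for s in (0, 10, 20, 30, 40)]
    + [("2024-01-08T09:10:00", "alice")]            # arrives while locked
    + [(f"2024-01-08T09:31:{s:02d}", "alice") for s in (0, 10, 20, 30, 40)]
    + [(f"2024-01-08T09:05:{s:02d}", "bob") for s in (0, 15, 30, 45)]
)

def lockout_periods(events):
    """Return {account: [(locked_at, unlocked_at), ...]} for failed sign-ins."""
    recent = defaultdict(deque)      # failures still inside the window
    locked_until = {}
    periods = defaultdict(list)
    parsed = sorted((datetime.fromisoformat(t), a.lower()) for t, a in events)
    for ts, account in parsed:
        if ts < locked_until.get(account, datetime.min):
            continue                 # already locked: no new lockout starts
        window = recent[account]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()         # drop failures older than 2 minutes
        if len(window) >= THRESHOLD:
            locked_until[account] = ts + LOCKOUT
            periods[account].append((ts, ts + LOCKOUT))
            window.clear()           # counter starts fresh after unlock
    return dict(periods)

if __name__ == "__main__":
    for account, spans in lockout_periods(SAMPLE_EVENTS).items():
        for start, end in spans:
            print(f"{account}: locked {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Comparing the computed lockout periods with the lockouts actually recorded in the managed domain is a quick way to confirm that the policy you expect is the one in effect.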