{"id":49565,"date":"2016-11-02T00:00:00","date_gmt":"2016-11-02T00:00:00","guid":{"rendered":"https:\/\/www.techopedia.com\/what-microsoft-azure-can-and-cant-do-to-help-your-on-premise-active-directory\/"},"modified":"2021-07-12T19:16:08","modified_gmt":"2021-07-12T19:16:08","slug":"what-microsoft-azure-can-and-cant-do-to-help-your-on-premise-active-directory","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/2\/31980\/trends\/what-microsoft-azure-can-and-cant-do-to-help-your-on-premise-active-directory","title":{"rendered":"What Microsoft Azure Can and Can’t Do to Help Your On-Premise Active Directory"},"content":{"rendered":"

I was talking with the technology director of a fairly good-sized public school system the other day who was conveying his frustration over Microsoft Azure Active Directory. They had been recently assigned a team of SMEs on the subject to help guide them through an Azure AD implementation. After several conference calls, the director abandoned the partnership with the “experts” as he figured out they didn’t know much more than he did already. “I can read the TechNet articles just as easily as they can,” he quipped.

This is not that surprising as there is a lot of confusion concerning the integration of Azure AD and on-premise AD within a hybrid cloud environment. Usually the initial assumption is that Azure AD is simply a replica version of the traditional Server AD that simply resides in the cloud. This is why there are so many clichés about assuming things. (For a comparison of cloud services, see The Four Major Cloud Players: Pros and Cons.)

The Different Environments of Azure AD and Server AD

The fact is that these two versions of AD have almost as many differences as they do similarities. That’s because they are each built around a different environment.

When IT professionals refer to AD, they are referring to the traditional AD we have all grown accustomed to over the years that resides on the physical plane. Server AD is built around the principles of organization, manageability and policy. We take our domain and segregate it into smaller, more manageable organizational units where users and computers that share commonality reside. Perhaps your AD is divided up by physical locations or by job function. Both users and their respective computers take part in the authorization process as they log on to domain controllers using LDAP and access physical resources using Kerberos tickets. Applications are birthed from ISO files and Group Policy locks down desktops and settings for users.

And then there is Azure. Azure was constructed for the cloud, which means it is designed specifically to support web services. The cloud is about elasticity, agility and perpetual alteration. Azure is a flat structure void of organizational units and Group Policy objects, a structure in which location is irrelevant. In fact, Azure is a vast ocean of objects all congregated into one humongous container. It’s a place in which applications are services, extensions of the users themselves. Applications in this environment are simply assigned rather than installed. While traditional AD is known for making the user experience as managed and controlled as possible, Azure AD is about making the user experience as fluid as possible.

The Commonalities Between Azure AD and Server AD

So, Azure AD is not intended to be the cloud version of Server AD. It was constructed to augment it, as traditional AD was never built to support the world of web-based internet services. So let’s start with the similarities between the two.

Like its predecessor, Azure AD hosts users and groups. In a hybrid cloud environment, AD admins can create users within their local on-premise AD and have them synchronized to Azure by an intermediary tool called Azure AD Connect, which offers some great added features.