Don’t Use Azure AD Domain Services to Replace Windows Domain Controllers

Updated Version Here:

Azure AD DS is compatible with Windows AD, but that doesn’t mean it’s a good replacement for Windows AD. In this live stream, we will review the limitations for Azure AD DS and use cases that it is intended for.
Comments
Author

Thanks Travis! Really appreciate this quality content. Can't believe I'm getting quality content at the convenience of YouTube. You deserve more viewers. I was actually thinking if companies are moving to the cloud for their domain controllers. Sucks that Microsoft abandoned the Windows Server certifications and moved on completely with Azure and 365 services. Looks like it creates more problems than solutions if you completely migrate to the cloud for your DCs. But maybe in the future, Windows operating systems and domain controllers will have seamless, smooth services and support that work well either on-prem or in the cloud.

Genghis_Chad
Author

I wish I could convince my CIO. He already has budgeted and planned for AD decommissioning, and I am trying to find a hack to deploy GPO with PowerShell to copy ADMX files manually into Intune, where I am the new human domain controller.

timothygibney
Author

Can you utilize folder redirection with Azure AD Domain Services? I would like to redirect users' data to the cloud.

BurnsLyons
Author

Thanks for the video, it is very useful. Do you know if there is a way of creating a custom organisation unit with a custom GPO and somehow connecting it to a user? Because it is by default forbidden to move users and computers between the AADD organisation unit and the custom one that I've created.

sharkee
Author

Really really struggling with this whole thing.
I've been around it and I've used it to some degree and am very comfortable with the high level concepts.
I've been doing this type of work (or related) for a long time. Love it and am always learning new things.
All that said I have not been able to put any of it to real practical use even for the simplest of scenarios.
Microsoft makes this nearly impossible.
I am simply trying to manage a small group of test computers using Azure AD.
Trying to accomplish a few very simple tasks like managing if a user can sign into a workstation or not.
Right off the bat, Microsoft's stupid Hello PIN number crap breaks this ability right away!
Any user can simply log in and continue doing everything using the PIN even if the password has been changed (in Azure AD) and even if the device has been "disabled".
What is the point?
Any searches suggest that I need to pay extra for Intune but are not clear if this can be done without Intune (a rabbit hole to take you away from Azure AD itself), and no idea if it's needed or not.
This is just the very beginning and touching the surface of Azure AD.
Turning on "block sign in" at the user level does nothing to block you from doing anything on a workstation computer, PIN still works.
I am finding no clear guide on how to set up and perform the most basic of admin tasks with Azure AD joined computers.
I've poked at this off & on for several years and have not got beyond basic frustration.
A small customer wants to use Azure AD to manage 5 computers and 5 users and has been unable to figure it out for years.
Brought the task to me because they know I can eventually figure it out.
I'm a Microsoft partner (10 + years) and can't easily figure it out or find the resources to figure it out easily.

stevegladden
Author

It's 2023, is this still true?
Any update?

fbifido
Author

Is it a good idea to deploy Azure DS as a backup for on-prem AD?

sleimansaab
Author

Azure AD Sync only works for servers. I am having an issue trying to add my on-premise client to my Azure domain. I ended up deploying a server (VM) which I am able to join to the domain; the issue is promoting this VM server to a domain controller. Was able to download and install, but unable to authenticate to Azure AD DS for some reason. Still looking for an actual "Enterprise administrator account" (maybe this is not included on pay as you). Seems like I will have to build an on-premise server and install Azure AD Sync in order to manage my resources, assuming I can still use Azure domain name services for my .com name and DNS server. Still, Azure AD DS can be a good backup solution.

Leo-uyqv