
We are using local on-premise domain controllers (Windows Server 2012 R2) for our small company domain (5 Users, no special requirements).

As a (Windows) software company, we are able to manage servers and networks but it is not our primary focus. After having read about the new Azure AD Domain Services I am not sure if this would be a good way for us.

Has anyone already had some experience with AD Domain Services?

  • Does it make things simpler or even more complicated?
  • Is it possible to migrate an existing locally hosted domain to the cloud and switch off the local domain controllers?
  • Are the costs really as high (112$/month, 1300$/year for a small domain) or is there any misconception on my side?

1 Answer


AD Domain Services is really intended as a solution for people to lift and shift legacy apps that need AD to Azure rather than a replacement for an on-premises DC. If you can live with the limitations then you might be able to make it work.

The main limitations are:

  1. You don't actually get Domain Admin or Enterprise Admin rights, so if anything you need to deploy (like Exchange) needs these, you're out of luck.
  2. You can't create custom GPOs; you can only edit the existing 1 user and 1 computer GPOs.
  3. You can create custom OUs, but these OUs are only shown on the AD DS side of things; any users in these custom OUs won't show in the Azure AD.
  4. You can only apply the default GPOs to custom OUs; you can't create new ones.

Pricing is per hour, based on the number of objects in your domain. So for less than 25K objects you're looking at about $100 per month, which is about the same price as running 2 small VMs per month, which is effectively what happens behind the scenes.

Sam Cogan