Replace on-premises-based AD with AADDS
I read through with great interest the AADDS public preview use cases and documentation. It looks nice but for a very limited set of use cases. I do like the pricing.
I would like to replace existing non-AD LDAP servers with AADDS and have both on-prem and cloud based apps do authentication from one common source. Turns out this isn't possible at all.
I would like to have encryption for all requests to the AADDS, always.
Additionally I would like to add attributes to the schema, if at all possible.
I would like to AADDS join all windows devices to the same domain, not just things which are in Azure cloud.
I'm fairly certain a lot of other SMEs would want the same.
Mike Stephens commented
Better late than never (four years later, wow, we'll get better). We've changed quite a bit in Azure AD Domain Services. You can use it for all your LDAP; that is possible, and you can use secure LDAP to encrypt the traffic. That said, you want to use Azure AD DS to replace on-prem AD DS, which is NOT an intended use case. Azure AD Domain Services provides legacy authentication support to enable you to lift and shift your on-premises applications to Azure compute, or it can be used to support a VDI solution. It is not meant for on-premises workstations to join it. That is what Azure AD is for. We still need the ability to update the schema, but we're aware of that. Thank you for the feedback. We'll close this request out.
Senior Program Manager
IAM Core | Domain Services
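The reply above says secure LDAP can be used to encrypt the traffic, and the original request was for encryption on every request. The script below is an added example (not part of the thread and not Microsoft's own code) showing how an application owner can check that a bind to the managed domain really is TLS-protected and that the server certificate is trusted and matches the name dialled, before any credential is sent. It uses the .NET System.DirectoryServices.Protocols API from PowerShell; the host name, bind account and search base are placeholders you would replace, and it assumes secure LDAP has already been enabled on the managed domain and that the DNS name resolves to it.

```powershell
# Added example: verify a secure LDAP (LDAPS, port 636) bind to a managed domain.
# Host name, account and search base are placeholders, not values from the thread.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$LdapsHost  = 'ldaps.aaddscontoso.com'   # placeholder: DNS name covered by the uploaded cert
$Port       = 636
$BindUser   = 'svc-ldap@aaddscontoso.com'
$SearchBase = 'DC=aaddscontoso,DC=com'

# Accepts an exact name match or a single-label wildcard such as *.aaddscontoso.com.
function Test-CertHostname {
    param([string]$CertName, [string]$HostName)
    if ($CertName -ieq $HostName) { return $true }
    if ($CertName.StartsWith('*.') -and $HostName.Contains('.')) {
        $certSuffix = $CertName.Substring(1)                           # ".aaddscontoso.com"
        $hostSuffix = $HostName.Substring($HostName.IndexOf('.'))      # ".aaddscontoso.com"
        return ($certSuffix -ieq $hostSuffix)
    }
    return $false
}

$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapsHost, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.SecureSocketLayer = $true     # TLS from the first byte (LDAPS), not StartTLS
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Timeout  = [TimeSpan]::FromSeconds(15)

# Returning $false from this callback aborts the handshake, so the simple bind's
# password never leaves the client unless the certificate chains to a trusted root
# and names the host we connected to. GetNewClosure() captures $LdapsHost for the callback.
$conn.SessionOptions.VerifyServerCertificate = {
    param($connection, $certificate)
    $cert2 = [System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chainOk = $chain.Build($cert2)
    $dnsName = $cert2.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    $nameOk  = Test-CertHostname -CertName $dnsName -HostName $LdapsHost
    if (-not $chainOk) { Write-Warning "Certificate chain not trusted: $($chain.ChainStatus | ForEach-Object { $_.StatusInformation })" }
    if (-not $nameOk)  { Write-Warning "Certificate name '$dnsName' does not match '$LdapsHost'" }
    return ($chainOk -and $nameOk)
}.GetNewClosure()

try {
    $cred = Get-Credential -UserName $BindUser -Message 'Password for the LDAP bind account'
    $conn.Credential = $cred.GetNetworkCredential()
    $conn.Bind()                                    # throws if TLS or the credential check fails
    Write-Host "Bound to $LdapsHost over TLS as $BindUser"

    # Small read-only query to prove the session is usable after the protected bind.
    $request = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $SearchBase, '(objectClass=user)',
        [System.DirectoryServices.Protocols.SearchScope]::Subtree,
        [string[]]@('sAMAccountName', 'userPrincipalName'))
    $request.SizeLimit = 5
    $response = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($request)
    foreach ($entry in $response.Entries) {
        $sam = if ($entry.Attributes['sAMAccountName']) { $entry.Attributes['sAMAccountName'][0] } else { '' }
        Write-Host ("{0}  {1}" -f $sam, $entry.DistinguishedName)
    }
}
catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Error "LDAP error $($_.Exception.ErrorCode): $($_.Exception.Message)"
}
finally {
    $conn.Dispose()
}
```

Because the callback is attached before Bind(), a misconfigured certificate fails closed: the bind is refused and nothing is sent in the clear. Running the same script against port 389 with SecureSocketLayer left at $false would succeed only where the directory accepts unencrypted simple binds, which is exactly the condition the original request wanted ruled out, so the LDAPS-only form above is the one to ship in application configuration.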