How can we improve Azure Active Directory?

Enable legacy Windows Server Active Directory functionality for compute services

I want to use this Windows Azure Active Directory service for standard compute services to remove complication.
For example, we need Active Directory for building failover cluster services in IaaS. I don't want to make a DC only for that...

111 votes

    Daiyu Hatakeyama shared this idea
    Matthew Cole shared a merged idea: Allow Windows NTLM authentication to Azure AD from IIS running on VMs in the same subscription.
    Abel Palma shared a merged idea: Active Directory as DC

    9 comments

      • SimonS commented

        Whilst I appreciate the advances being made and offered by the ADDS, I would like to express my concern at the pricing decision to merge the 0–5,000 and 5,000–25,000 tiers.

        I expect, like many other SMBs on the “small” side that run as virtual organizations, see ADDS as a service that makes internal management of development and consulting team resources scalable and efficient, especially as it ties into management of increasing usage of other Azure Services.

        Medium businesses often have or need on-site resources and infrastructure (full AD Servers) and this service offering will be much less valuable to them (only needing AD Connect). I see the sweet spot of ADDS in making Enterprise Scale infrastructure available to smaller organizations in a democratized way.

        Our business may be small today and having us expend extra resources on internal infrastructure and not on other Azure resources that are more aligned with our business product and services directions is perhaps short sighted?

        I have been trialing the use of ADDS under the preview, and that cost was a third of my Azure Costs prior to the credit I receive from the Partner Network Value Pack Subscription. With the new pricing the calculator indicates this will cost almost three times as much and wipe out two thirds of my monthly credit. Initial indications of GA pricing when I started my trial use it was observed that the GA cost was actually going to be lower, not higher. I would not have saved time exploring this feature had I known this would happen.

        As a fledgling startup, these costs are material, and to leverage the ADDS service means I have to limit use of other Azure resources and as best as I can stay within my meagre budget. The Pay-as-you-go marketing also is a tad disingenuous as it’s not like you can fire ADDS up each morning and shut it down each evening to save hours…as you could other resources, such as a VM. Besides, for a small organization we are talking 100s of objects, not 1000s!

        I strongly request that Azure think more about the availability of lower scale offerings. Us small businesses will hopefully grow into larger businesses when these issues are generally inconsequential, and may offer huge revenue upside to Azure if they are built on the platform from the ground up.

        I’d suggest having a really small Tier where the cost is free, like other offerings, especially if it gets subscribers using more other features of the overall Azure offering.

        I am also closely involved in another organization that makes much heavier use of Azure, that is larger than mine, and we have discussed them taking advantage of ADDS when it went GA. For the same reasons they will likely rethink this too. I’m sure there are many more.

        Thanks in advance for any reconsideration of this pricing. In the meantime I will need to shut my trial use of this service down, and I guess punch at my own weight.

      • Alex Balcanquall commented

        Robert, the DS needs to be more like classic DC. We are an ISV that expects to see common partition objects and attributes - they are not there so our solution fails. Happy to have deeper conversation with you.

      • Will Eastbury commented

        This would be extremely useful, if you could just create a cloud domain and have it present as if it was an on-premise windows AD service, then join users and computers to it in your cloud.

        Kind of like a PaaS Windows Active Directory. This would be a killer feature IMHO.

      • Matthew Cole commented

        Allow Windows NTLM authentication to Azure AD from IIS running on VMs in the same subscription. We have an internal application that we would like to host in Azure. Currently it is running on-premise and authentication is done off our AD; we would like to migrate to Azure and to use our O365 AD, but we don't want to have to set up federation etc. for our 50 internal users only.

      • GIRAUD Alexandre commented

        Hi,

        Why was this feedback closed? The idea here is to be able to join a VM to ADDS without using a VM to create ADDS. The best goal is to use WAAD to create an ADDS, and to be able to join a VM to this WAAD instead of ADDS.

      • GIRAUD Alexandre commented

        This is exactly what my customers need. In fact, this suggestion explains that we can use AAD to become an Azure Active Directory Domain Controller. In this way, there is no need to deploy ADDS on virtual machines, and a VM can become a member of the AD provided by AAD.
        So, it means that many specifications are needed and it can take a long time (DNS, user management, GPO, ...)

      • Michael Teper commented

        We can use Azure AD for user authentication, but we can't use it for domain services. In other words, I can't set up VMs, secure directories, services, etc. using Azure AD. For that, I have to install one or more separate VMs to serve as Domain Controllers, and Azure does not make that easy at all (just look at the long tail of comments to the official web page that describes how to do this).
