Azure AD Connect for VM Deployment | Microsoft Azure Architect Design Exam


Question

A company deploys Azure Active Directory (Azure AD) Connect to synchronize identity information from their on-premises Active Directory Domain Services (AD DS) directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, credential hashes for authentication (password sync), and group membership. The company plans to deploy several Windows and Linux virtual machines (VMs) to support their applications.

The VMs have the following requirements:

-> Support domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.

-> Allow users to sign in to the domain using their corporate credentials and connect remotely to the VM by using Remote Desktop.

You need to support the VM deployment.

Which service should you use?

Answers

A. Azure AD Domain Services
B. Azure AD Privileged Identity Management
C. Azure AD Managed Service Identity
D. Active Directory Federation Services (AD FS)

Explanations

Correct answer: A

Azure AD Domain Services provides managed domain services such as domain join, Group Policy, LDAP, and Kerberos/NTLM authentication that are fully compatible with Windows Server Active Directory.

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview

The requirement is to deploy several Windows and Linux virtual machines (VMs) that can support domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy, while allowing users to sign in using their corporate credentials and connect remotely to the VMs by using Remote Desktop.

To achieve this, the recommended service is Azure AD Domain Services (Option A).

Azure AD Domain Services is a managed domain service that provides domain join, Group Policy, LDAP, and Kerberos/NTLM authentication services, which can be used to support traditional Windows Server Active Directory (AD DS) scenarios in the cloud. It allows you to use the same familiar tools and processes that you use on-premises to manage domain-joined machines in the cloud.

Azure AD Domain Services can be used in combination with Azure AD Connect to provide a seamless hybrid identity solution: the user accounts, credential hashes, and group memberships that Azure AD Connect already synchronizes to the tenant are what allow users to sign in to the managed domain using their corporate credentials and connect remotely to the VMs by using Remote Desktop.

Option B, Azure AD Privileged Identity Management, is a service that helps you manage, control, and monitor access to privileged accounts in Azure AD and other Microsoft online services. This service is not directly related to the requirements of supporting VM deployment.

Option C, Azure AD Managed Service Identity, is a service that provides an identity for applications to access resources in Azure. It is not directly related to the requirements of supporting VM deployment.

Option D, Active Directory Federation Services (AD FS), is a service that enables you to provide federated identity and access management to your applications. It is not directly related to the requirements of supporting VM deployment, and it is not necessary for the scenario described in the question.