A company deploys Azure Active Directory (Azure AD) Connect to synchronize identity information from their on-premises Active Directory Domain Services (AD DS) directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, credential hashes for authentication (password sync), and group memberships. The company plans to deploy several Windows and Linux virtual machines (VMs) to support their applications.
The VMs have the following requirements:
-> Support domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.
-> Allow users to sign in to the domain using their corporate credentials and connect remotely to the VM by using Remote Desktop.
You need to support the VM deployment.
Which service should you use?
A. Active Directory Federation Services (AD FS)
B. Azure AD Privileged Identity Management (PIM)
C. Azure Managed Identity
D. Azure AD Domain Services
Azure AD Domain Services provides managed domain services such as domain join, group policy, LDAP, Kerberos/NTLM authentication that are fully compatible with Windows Server Active Directory.
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview
The correct answer is D. Azure AD Domain Services.
Explanation: Azure AD Domain Services provides managed domain services such as domain join, group policy, LDAP, Kerberos/NTLM authentication that are fully compatible with Windows Server Active Directory. By using Azure AD Domain Services, you can enable domain-joined Azure VMs to perform traditional domain activities without the need to deploy and manage domain controllers.
In this scenario, Azure AD Connect is used to synchronize user accounts, credential hashes, and group memberships from the on-premises Active Directory to the Azure AD tenant. By using Azure AD Domain Services, the VMs can join the managed domain and authenticate users with the identities synchronized into Azure AD, which is the primary directory for the organization.
Option A: Active Directory Federation Services (AD FS) provides web-based single sign-on (SSO) and federation capabilities. It is typically used for scenarios where users need to authenticate against multiple systems or services using a single set of credentials. However, AD FS is not designed to provide traditional domain services such as domain join and group policy.
Option B: Azure AD Privileged Identity Management (PIM) is used to manage and monitor privileged access to Azure resources. It provides just-in-time access to sensitive resources, temporary access assignments, and activity logging. However, it is not designed to provide domain services such as domain join, LDAP, and group policy.
Option C: Azure Managed Identity is a service that provides an identity for an application to access Azure resources securely. It eliminates the need for developers to manage secrets such as passwords and connection strings. However, it is not designed to provide domain services such as domain join, LDAP, and group policy.
Therefore, Azure AD Domain Services is the appropriate service for this scenario to support the deployment of Windows and Linux VMs that require domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.