Active Directory and Microsoft Entra ID Support
Active Directory (AD) and Microsoft Entra ID are Microsoft's core identity management and directory services for on-premises, cloud-based, or hybrid networks. On-premises Active Directory enables centralized single-sign-on (SSO) for applications and services and supports infrastructure components such as DNS, DHCP, IPsec, Wi-Fi, NPS, and VPN. When on-premises Active Directory Domain Services (AD DS) is installed on a server, that server can be promoted to a domain controller for domain management with support for Group Policy, fine-grained password policy, Active Directory Admin Center, and other features.
Microsoft Entra ID, formerly branded Azure Active Directory, is Microsoft's cloud-based Identity-as-a-Service (IDaaS) solution for identity, access management, and security. Microsoft Entra ID allows you to register users, groups, apps, and devices with Azure to enable SSO access to apps and Microsoft 365 accounts. With the Microsoft Entra ID Connect application (formerly called Azure AD Connect) installed on-premises, you can sync local usernames and passwords up to Microsoft Entra ID to support a hybrid network model.
For two decades, Progent has delivered expertise for all releases of Active Directory and Active Directory Domain Services (AD DS), providing the knowledge and experience needed to design, deploy, and troubleshoot complex AD deployments across an enterprise.
Deploying Hybrid Networks with Microsoft Entra Domain Services
Applications slated for moving to the cloud might depend on traditional AD domain features like Group Policy, Domain Join, LDAP, or Kerberos/NTLM authentication. Updating application code to use native Azure AD services can be difficult even if you have source code. But you cannot deploy a VM in Azure for running an AD DS domain controller without a site-to-site connection like a VPN. Microsoft Entra Domain Services (formerly Azure AD Domain Services) solves this problem by allowing you to create a managed domain in an Azure VM to support traditional authentication methods and features.
Microsoft Entra Domain Services enable a hybrid cloud/on-premises deployment model for Active Directory
Microsoft Entra Domain Services let you implement a managed domain in Azure to provide legacy authentication methods and features. Microsoft Entra Connect allows you to synchronize your on-premises AD users and groups to Microsoft Entra and then synchronize in the cloud from Microsoft Entra to Microsoft Entra Domain Services. You can then deploy a server on your Azure virtual network, install Microsoft Entra Domain Services tools, and connect to the managed domain.
This hybrid deployment model allows on-premises accounts to have the same usernames and passwords as they do in Azure and so delivers a consistent experience for apps, services, and users. Azure takes care of patching and administering the managed domain controller's network resources and synchronization engine and maintaining high availability. Your legacy apps can authenticate against the managed domain, and you can administer an AD DS managed domain using familiar tools like Active Directory Admin Center or MMC snap-ins like DNS or Group Policy.
Special Features of Azure AD
Microsoft Entra provides identity and security management for cloud resources including Microsoft 365, the Azure portal, and various Software-as-a-Service (SaaS) applications. Microsoft Entra offers a growing list of cloud-based identity and access management features unavailable with on-premises versions of Active Directory. These innovations include:
- Support for multi-factor authentication (MFA) and passwordless identity technologies such as FIDO2
- Ability for SaaS apps that support OAuth2, SAML, and WS-* authentication to utilize Azure AD authentication
- Integration with Microsoft Intune for mobile device management and the ability to evaluate mobile device state information during authentication. (On-premises AD requires third-party solutions to support mobile devices.)
- Entitlement management for automating access request workflows, access assignments, reviews, and lifecycles. Entitlement management streamlines at scale the process of managing access to groups, apps, and SharePoint Online sites for internal and external users.
- Azure AD role management can be enhanced with Privileged Identity Management (PIM) for just-in-time, time-bound, or workflow-based access to privileged roles. PIM allows you to require approval to activate privileged roles, receive notifications when privileged roles are activated, use justification to understand why users activate privileged roles, and conduct access reviews to determine whether users still need roles.
How Progent Can Help You with Active Directory
Progent's Microsoft-certified AD consultants offer expertise in planning, testing, deploying, managing, and debugging Active Directory solutions for Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2. Progent can also help you maintain a legacy edition of Active Directory or migrate efficiently to a modern version. Progent's Microsoft Azure experts can help you design and carry out an efficient migration from an on-premises deployment of Active Directory to cloud-hosted Microsoft Entra ID (formerly Azure AD) or to a hybrid model that unifies identity management across on-premises and cloud resources. Progent can also provide Cisco-certified network infrastructure engineers to help you enhance the performance and resilience of your network infrastructure. In addition, Progent's CISA, CISM, GIAC, and CISSP certified security professionals can evaluate your enterprise-wide security and compliance and recommend improvements appropriate for a large-scale, multi-site environment.
Online and on-site consulting services available from Progent's Active Directory and Microsoft Azure experts include:
- Progent's Microsoft-certified consultants have extensive experience troubleshooting complex Active Directory issues such as replication problems, multi-domain partition configurations, corrupted AD objects, clean-up of legacy beta software configuration objects in production AD environments, and repair of failed installations of AD and AD-integrated applications. Progent is also skilled in using 'expert only' AD tools such as ADSIEDIT, NTDSUTIL, DCDIAG and NETDIAG.
- Progent can help you deploy Azure AD Connect to implement a hybrid identity solution with Active Directory. Progent can show you when and how to deploy AD Connect for password hash synchronization, pass-through authentication, and federation integration using your on-premises AD FS infrastructure.
Progent can help you build a hybrid ID and network access solution with Microsoft Entra Connect
- Progent offers expertise in designing an enterprise Active Directory environment with multiple locations and can deliver fast, efficient solutions for fault tolerant architecture, placement of servers and services, and AD server roles.
- Progent can design and implement an optimal DNS configuration that correctly handles internal, external and remote users.
- To save clients the cost of expensive reconfigurations that may be required as a result of poor initial decisions, Progent can help make key early decisions concerning Active Directory and Microsoft Entra ID (Azure AD) naming standards, hierarchical model, IT management structure, utilization and structure of Group Policy objects, plus security and auditing definitions. Progent can also anticipate the impacts of server and service configurations on functionality and performance.
- To maximize system robustness and availability, Progent's engineers can help create an Active Directory architecture and provide expert implementation that features enterprise class redundancy, fault tolerance, effective data protection systems, and seamless disaster recovery.
- Progent can diagnose and resolve complex problems concerning workstation, mobile endpoint, and server authentication in an Active Directory or Microsoft Entra environment.
- The specialists in Progent's Experts Team can implement and support applications integrated with Active Directory and Azure AD by providing Microsoft Exchange Server 2019 integration, Microsoft Exchange 2016 planning and deployment, and Cisco Unified Communications Manager/CallManager expertise.
- Progent can help architect, plan and manage the migration/merging of an acquired entity's Active Directory environment into a single AD structure.
- For enhanced security, Progent can provide assistance designing enterprise-wide security policies and procedures and work with Active Directory and Microsoft Entra configuration to implement such policies.
Support for Legacy Versions of Active Directory
Windows Server 2008 introduced major enhancements to Active Directory including AD Domain Services (formerly AD Directory Services), Lightweight Directory Services (formerly AD Application Mode), Certificate Services, Federation Services, and Rights Management Services. Windows Server 2008 and Windows Server 2008 R2 have reached the end of their support lifecycle and should be upgraded to a more current Active Directory solution. Progent can help you maintain your existing deployment of Windows Server 2008 with Active Directory, migrate to a modern equivalent of these products, or plan and implement a hybrid deployment that combines on-premises and Azure versions of Active Directory technology.
Contact Progent for Help with Active Directory and Microsoft Entra
If you are looking for expert help in designing, deploying, optimizing or troubleshooting an Active Directory or Microsoft Entra solution, call Progent at 800-993-9400 or visit Contact Progent.