Active Directory and Azure Active Directory Support
Active Directory (AD) is Microsoft's core identity management and directory service for on-premises, cloud-based, or hybrid networks. On-premises Active Directory enables centralized single-sign-on (SSO) for applications and services and supports infrastructure components such as DNS, DHCP, IPsec, Wi-Fi, NPS, and VPN. When on-premises Active Directory Domain Services (AD DS) is installed on a server, that server can be promoted to a domain controller for domain management with support for Group Policy, fine-grained password policy, Active Directory Admin Center, and other features.
Azure Active Directory is Microsoft's cloud-based Identity-as-a-Service (IDaaS) solution for identity, access management, and security. Azure AD allows you to register users, groups, apps, and devices with Azure to enable SSO access to apps and Microsoft 365 accounts. With the Azure AD Connect application installed on-premises, you can sync local usernames and passwords up to Azure AD to support a hybrid network model.
For two decades, Progent has delivered expertise for all releases of Active Directory and Active Directory Domain Services (AD DS), providing the knowledge and experience needed to design, deploy, and troubleshoot complex AD deployments across an enterprise.
Deploying Hybrid Networks with Azure Active Directory Domain Services
Applications slated for moving to the cloud might depend on traditional AD domain features like Group Policy, Domain Join, LDAP, or Kerberos/NTLM authentication. Updating application code to use native Azure AD services can be difficult even if you have source code. But you cannot deploy a VM in Azure for running an AD DS domain controller without a site-to-site connection like VPN. Azure AD Domain Services (Azure AD DS) solves this problem by allowing you to create a managed domain in an Azure VM to support traditional authentication methods and features.
Azure AD DS enables a hybrid cloud/on-premises deployment model for Active Directory
Azure AD DS lets you implement a managed domain in Azure to provide legacy authentication methods and features. Azure AD Connect allows you to synchronize your on-premises AD users and groups to Azure AD and then synchronize in the cloud from Azure AD to Azure AD DS. You can then deploy a server on your Azure virtual network, install AD DS tools, and connect to the managed domain.
This hybrid deployment model allows on-premises accounts to have the same usernames and passwords as they do in Azure and so delivers a consistent experience for apps, services, and users. Azure takes care of patching and administering the managed domain controller's network resources and synchronization engine and maintaining high availability. Your legacy apps can authenticate against the managed domain, and you can administer an AD DS managed domain using familiar tools like Active Directory Admin Center or MMC snap-ins like DNS or Group Policy.
Special Features of Azure AD
Azure AD provides identity and security management for cloud resources including Microsoft 365, the Azure portal, and various Software-as-a-Service (SaaS) applications. Azure AD offers a growing list of cloud-based identity and access management features unavailable with on-premises versions of Active Directory. These innovations include:
How Progent Can Help You with Active Directory
- Support for multi-factor authentication (MFA) and passwordless identity technologies such as FIDO2
- Ability for SaaS apps that support OAuth2, SAML, and WS-* authentication to utilize Azure AD authentication
- Integration with Microsoft Intune for mobile device management and the ability to evaluate mobile device state information during authentication. (On-premises AD requires third-party solutions to support mobile devices.)
- Entitlement management for automating access request workflows, access assignments, reviews, and lifecycles. Entitlement management streamlines at scale the process of managing access to groups, apps, and SharePoint Online sites for internal and external users.
- Azure AD managing roles can be enhanced with Privileged Identity Management (PIM) for just-in-time, time-bound, or workflow-based access to privileged roles. PIM allows you to require approval to activate privileged roles, receive notifications when privileged roles are activated, use justification to understand why users activate privileged roles, and conduct access reviews to determine whether users still need roles.
Progent's Microsoft-certified AD consultants offer expertise in planning, testing, deploying, managing, and debugging Active Directory solutions for Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2. Progent can also help you maintain a legacy edition of Active Directory or migrate efficiently to a modern version. Progent's Microsoft Azure experts can help you design and carry out an efficient migration from an on-premises deployment of Active Directory to cloud-hosted Azure AD or to a hybrid model that unifies identity management across on-premises and cloud resources. Progent can also provide Cisco-certified network infrastructure engineers to help you enhance the performance and resilience of your network infrastructure. In addition, Progent's CISA, CISM, GIAC, and CISSP certified security professionals can evaluate your enterprise-wide security and compliance and recommend improvements appropriate for a large-scale, multi-site environment.
Online and on-site consulting services available from Progent's Active Directory and Microsoft Azure experts include:
- Progent's Microsoft-certified consultants have extensive experience troubleshooting complex Active Directory issues such as replication problems, multi-domain partition configurations, corrupted AD objects, clean-up of legacy beta software configuration objects in production AD environment, and repair of failed installations of AD and AD-integrated applications. Progent is also skilled in using 'expert only' AD tools such as ADSIEDIT, NTDSUTIL, DCDIAG and NETDIAG.
- Progent can help you deploy Azure AD Connect to implement a hybrid identity solution with Active Directory. Progent can show you when and how to deploy AD Connect for password hash synchronization, pass-through authentication, and Federation integration using your on-premises AD FS infrastructure.
Progent can help you use Azure AD Connect to build a hybrid AD solution
Support for Legacy Versions of Active Directory
- Progent offers expertise in designing an enterprise Active Directory environment with multiple locations and can deliver fast, efficient solutions for fault tolerant architecture, placement of servers and services, and AD server roles.
- Progent can design and implement an optimal DNS configuration that correctly handles internal, external and remote users.
- To save clients the cost of expensive reconfigurations that may be required as a result of poor initial decisions, Progent can help make key early decisions concerning Active Directory and Azure AD naming standards, hierarchical model, IT management structure, utilization and structure of Group Policy objects, plus security and auditing definitions. Progent can also anticipate the impacts of server and service configurations on functionality and performance.
- To maximize system robustness and availability, Progent's engineers can help create an Active Directory architecture and provide expert implementation that features enterprise class redundancy, fault tolerance, effective data protection systems, and seamless disaster recovery.
- Progent can diagnose and resolve complex problems concerning workstation, mobile endpoints, and server authentication in an Active Directory or Azure AD environment.
- The specialists in Progent's Experts Team can implement and support applications integrated with Active Directory and Azure AD by providing Microsoft Exchange Server 2019 integration, Microsoft Exchange 2016 planning and deployment, , and Cisco Unified Communications Manager/CallManager expertise.
- Progent can help architect, plan and manage the migration/merging of an acquired entities Active Directory environment into a single AD structure.
- For enhanced security, Progent can provide assistance designing enterprise-wide security policies and procedures and work with Active Directory and Azure AD configuration to implement such policies.
Windows Server 2008 introduced major enhancements to Active Directory including AD Domain Services (formerly AD Directory Services), Lightweight Directory Services (formerly AD Application Mode), Certificate Services, Federation Services, and Rights Management Services. Windows Server 2008 and Windows Server 2008 R2 have reached the end of their support lifecycle and should be upgraded to a more current Active Directory solution. Progent can help you maintain your existing deployment of Windows Server 2008 with Active Directory, migrate to a modern equivalent of these products, or plan and implement a hybrid deployment that combines on-premises and Azure versions of Active Directory technology.
Contact Progent for Help with Active Directory and Azure AD
If you are looking for expert help in designing, deploying, optimizing or troubleshooting an Active Directory or Azure AD solution, call Progent at 800-993-9400 or visit Contact Progent.