Don't Use Entra Domain Services to Replace Windows Active Directory
ฝัง
- เผยแพร่เมื่อ 1 มิ.ย. 2024
- Correction: Entra DS now supports a two-way trust.
Entra Domain Services (Entra DS) is a Windows AD-compatible service managed by Microsoft. Some may see it as a better alternative to self-hosting Windows AD. However, there are limitations to Entra DS that should be considered before using it to replace domain controllers. This video and accompanying blog post go over those limitations and outline how they could impact an organization.
Links
Free Azure guide! Subscribe to the newsletter
subscribepage.io/rbsIjt
Zero to Hero with Azure Virtual Desktop
www.udemy.com/course/zero-to-...
Hybrid Identity with Windows AD and Azure AD
www.udemy.com/course/hybrid-i...
Windows 365 Enterprise and Intune Management
www.udemy.com/course/windows-...
Entra ID, Windows AD and Entra DS video
• What is Entra ID, Entr... - วิทยาศาสตร์และเทคโนโลยี
Awesome overview, Travis! Thank you so much for providing excellent Azure content. 😎
Thanks for this nice guide!
Thanks for this explanation. Very Helpful.
Thanks again for this video! Love it
Great and clear to me!
Hi Travis love your stuff didnt realize famous you are !
This guy i swear i recognize his voice he has courses on cloud academy he is a celebrity
Limitation: Lack of cloud Kerberos trust, in Entra Domain Services, blocks sign in to domain joined' resources in Entra DS from Entra Joined desktops.
Would you loose directory event logs in Defender for Identity (which is amazing) if you can't install it's agent/Defender for Endpoint?
What if we had done it and got stuck in all those limitations? I have three tenants like this. And i am looking for a solution to move to windows AD or a hybrid with least down time.
I'm confused by your Intune Enrollment limitation point. Wouldn't devices be Entra joined, so the auto enrollment would still work?
Devices joined to Entra DS are not Entra joined. Auto-enrollment with Windows AD joined devices requires Entra Connect Sync for Hybrid join. Entra Connect Sync is not supported with Entra DS. learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy
Seems like a convoluted offering
We are at the moment on a journey to replace Active Directory, but it will take years and lots of effort
Windows AD has been in most businesses for over 20 years; it will take some time to remove all dependencies. It's good to recognize that at the beginning. Good luck!
I work in the IT industry and Microsoft is telling it’s clients to replace Active Directory with Entra ID so you’re 100% wrong. Microsoft is in the process of phasing out Active Directory. My organization already started the process of migrating. You should consult with Microsoft first before making videos like this. It’s false information.
Please understand that Entra ID and Entra Domain Services (what the video is about) are two different services.