Awesome overview, Travis! Thank you so much for providing excellent Azure content. 😎
Amazing and clarifying overview, thank you Travis.
I have a use-case question: would you recommend Entra ID Domain Services for this particular requirement, and if not, what would you recommend?
There is an on-premises Active Directory domain that is used for testing purposes. The end users do not want to replicate all their identities from Entra ID to this domain, but to treat this domain as a resource domain, and Entra ID users are allowed via trusts to utilise this directory's resources.
OMG thank you. Saved me from making a BIG mistake. I guess I will give up and just generate a traditional AD DC VM to get my cloud hosted (non AZURE) RDS server to be Entra AUTH SSO friendly, oh well.
Glad I could help!
Hello, I was recently introduced to your channel and your videos, especially in the context I was working with, and that's Azure file share using Azure domain services. I can't find a single video that explains, with some practical demo, how to map an Azure file storage as a mapped drive on an Azure domain joined virtual machine. The script that is generated during the connect process fails with a credentials error. Can you please make one simple, complete video explaining that process with a practical demo?
Thanks
Thanks for this explanation. Very Helpful.
Limitation: Lack of cloud Kerberos trust in Entra Domain Services blocks sign-in to domain joined resources in Entra DS from Entra Joined desktops.
Would you lose directory event logs in Defender for Identity (which is amazing) if you can't install its agent/Defender for Endpoint?
Hi Travis, love your stuff, didn't realize how famous you are!
What if we had done it and got stuck in all those limitations? I have three tenants like this, and I am looking for a solution to move to Windows AD or a hybrid with the least downtime.
Thanks for this nice guide!
Thanks again for this video! Love it
Do you have a video that covers installation of Entra Connect Sync and migration of Azure AD Connect sync?
This is older, but I think the process is the same or close. th-cam.com/video/gPLOz1C78As/w-d-xo.html.
This guy, I swear I recognize his voice. He has courses on Cloud Academy. He is a celebrity.
Great and clear to me!
I'm confused by your Intune Enrollment limitation point. Wouldn't devices be Entra joined, so the auto enrollment would still work?
Devices joined to Entra DS are not Entra joined. Auto-enrollment with Windows AD joined devices requires Entra Connect Sync for Hybrid join. Entra Connect Sync is not supported with Entra DS. learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy
Entra Domain Services also does not support:
AD Sites and Services
domain-based DFS roots
Its performance is terrible, and Microsoft support does not know what it is.
We are at the moment on a journey to replace Active Directory, but it will take years and lots of effort
Windows AD has been in most businesses for over 20 years; it will take some time to remove all dependencies. It's good to recognize that at the beginning. Good luck!
You also can't deploy Windows Hello Enterprise
Seems like a convoluted offering
I don't see this becoming popular in countries like Russia, China, India etc. Any kind of US sanctions and your entire enterprise is wiped.
Complete drivel. Unbalanced. Only focusses on the limitations and why not to use it. Nothing about how in a lot of scenarios this is a much better option than building your own VMs and installing AD DS.
I work in the IT industry and Microsoft is telling its clients to replace Active Directory with Entra ID so you’re 100% wrong. Microsoft is in the process of phasing out Active Directory. My organization already started the process of migrating. You should consult with Microsoft first before making videos like this. It’s false information.
Please understand that Entra ID and Entra Domain Services (what the video is about) are two different services.
Homie didn't even read the title before talking shit
And he has a dexter pfp :vomit:
@Ciraltos Who cares? You’re talking about Entra Domain Services, which is what I’m talking about, so what if I said Entra ID by accident. Listen, Active Directory is being replaced by Entra Domain Services. Microsoft is telling its clients to switch over!!!! Are you claiming that you know more than Microsoft??? How can you tell people to not make the switch when Microsoft is telling people to do this? My organization meets with Microsoft once a week and they’ve been guiding us in the migration process. Again they’re not only telling us to do this, but they’re also guiding us through the process. This video is 100% bad advice.
Guys, forget about me! You guys call Microsoft yourself and ask them and find out the truth. If you need to hear it from the horse's mouth to accept the truth, then you go find out yourself.
You might replace Active Directory with Entra ID, but not with Entra Domain Services. You're the one that's confused. Entra ID and Entra Domain Services are different products, and Entra ID would be the one you could use to replace onprem Active Directory with fully joined Entra users and computers. If you claim to have different information, provide a source other than "call Microsoft". 🤣