I'm currently working on integrating Azure for an Active Directory Domain Services (AD DS) solution at my company since we don't have Active Directory set up yet. I've come across three main methods to implement this: using Microsoft Entra ID, Microsoft Entra Domain Services, or running AD on a Windows Server VM. Since my goal is to apply Group Policy Objects (GPOs) on user devices and we don't use Microsoft 365, I'm wondering which option would be best suited for our needs. Any insights would be greatly appreciated!
3 Answers
Your main options really depend on your needs. Entra ID is great for managing devices, especially with Intune and Autopilot, but it doesn’t manage servers directly. Entra DS will help with legacy app support and GPOs for server management. However, if you still plan to run a hybrid approach, setting up AD DS on a VM might be beneficial for integrative purposes, allowing for greater flexibility with Kerberos.
If you're focusing on user devices, consider using Intune instead of traditional GPOs. Intune policies are more modern and align well with cloud strategies. You can manage devices seamlessly without needing to run a full-fledged AD DS; just ensure your users have the necessary licenses to access Intune.
It sounds like you're on the right track! If your organization is cloud-first, I'd suggest going with Microsoft Entra Domain Services (Entra DS). It will allow you to manage GPOs effectively for user devices since it deploys two managed domain controllers and replicates Entra accounts to the new AD domain. It's a more streamlined approach compared to setting up a Windows Server VM, which seems unnecessary given your environment.
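The answers above draw a line between devices that receive domain GPOs (AD DS or Entra DS) and devices that are only Entra-joined and therefore need Intune for policy. The script below is an added example, not part of any answer in this thread, that checks which side of that line a Windows machine is on by reading the join flags from `dsregcmd /status` (a built-in Windows tool) and reporting which policy channel can reach the device. The function names and the summary strings are my own; the field names `AzureAdJoined`, `DomainJoined` and `EnterpriseJoined` are the ones `dsregcmd` prints.

```powershell
# Added example (not from the original thread): report how a Windows device is joined,
# which decides whether domain GPOs or Intune policy can apply to it.
# Assumes Windows 10/11, where dsregcmd.exe ships with the OS.
function Get-DeviceJoinState {
    $output = & dsregcmd.exe /status
    $state = [ordered]@{}
    # dsregcmd prints lines such as "AzureAdJoined : YES"; pick the three join flags out.
    foreach ($key in 'AzureAdJoined', 'DomainJoined', 'EnterpriseJoined') {
        $line = $output | Where-Object { $_ -match "^\s*$key\s*:\s*(YES|NO)" } | Select-Object -First 1
        $state[$key] = [bool]($line -and $line -match ':\s*YES')
    }
    [pscustomobject]$state
}

# Map the join flags to the management channel (hypothetical wording, chosen for this example).
function Get-PolicyChannel {
    param([Parameter(Mandatory)]$JoinState)
    if ($JoinState.DomainJoined -and $JoinState.AzureAdJoined) {
        return 'Hybrid joined: domain GPOs apply and Intune can co-manage'
    }
    if ($JoinState.DomainJoined) {
        return 'Domain joined: GPOs from the AD DS / Entra DS domain apply'
    }
    if ($JoinState.AzureAdJoined) {
        return 'Entra joined only: no domain GPOs reach this device; use Intune policy'
    }
    return 'Not joined: only local policy applies'
}

$join = Get-DeviceJoinState
$join | Format-List
Get-PolicyChannel -JoinState $join
```

Run it in an elevated PowerShell session on a test device before and after joining it, and compare the reported channel with what you expect from the design you pick; a fleet that reports "Entra joined only" will not pick up GPOs from an Entra DS domain no matter how the domain is configured.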