Azure Active Directory Domain Services Preview Gets Additional Features
Microsoft's Azure Active Directory (AD) Domain Services preview is getting some new tools and features this week.
Azure AD Domain Services was launched as a preview service back in October. It facilitates identity and access capabilities for so-called "legacy applications," particularly apps that don't use SAML or OAuth 2.0 authentication protocols. Azure AD Domain Services is still at the preview stage, but Microsoft is claiming that it's been an "unexpected hit" among users. Consequently, it's adding to its capabilities, as announced today.
One new capability is the ability to join Azure Virtual Machines running Red Hat Enterprise Linux 7 to an organization's domain, according to Microsoft's announcement. Doing so permits organizations to manage the virtual machines using Group Policy. Microsoft added this Red Hat Enterprise Linux 7 capability on top of an existing ability to join an Azure Virtual Machine running Windows Server to an organization's domain.
Microsoft also added support in Azure AD Domain Services for "secure LDAP," otherwise known as Lightweight Directory Access Protocol over Secure Sockets Layer/Transport Layer Security. Secure LDAP enables a secure lookup capability to authenticate end users. Here's how Microsoft described it:
"Secure LDAP ensures that sensitive LDAP traffic in your domain is not visible to anyone with a network packet analyzer. This level of security is indispensable, if you want to connect to your directory from an external network or over the internet."
With this new capability, applications that use Secure LDAP on premises can now be deployed on Azure infrastructure, too, Microsoft is claiming.
Another new Azure AD Domain Services enhancement is the ability for organizations to create "custom" organizational units (OUs) on their managed domains. OUs are like containers, according to a Microsoft TechNet article description: "Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units."
OUs are sometimes used by organizations to manage domain-joined computers. For instance, it's possible to put "all Web servers in a single OU" and "all database servers in a different OU" in order to make managing those servers easier, Microsoft's announcement explained. That capability and others are now turned on with the custom OUs capability.
Microsoft also announced today that it's possible to "administer DNS [domain name resolution server] on the managed domain using DNS administration tools." This new DNS configuration capability in Azure AD Domain Services can be helpful when trying to connect workloads with "load balancers or other non-domain-joined virtual machines," the announcement explained. The capability is now enabled for administrators of Azure AD domain controllers.
Lastly, Microsoft announced today that Azure AD Domain Services is now available in Australia at the preview stage. The service is available from Microsoft's Azure Australia East and Azure Australia Southeast datacenters.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.