
We have a small business and currently don't have a need for a domain within our office. We have a basic network and a single server running Windows Server 2008 R2 with some file shares and 3rd party apps.

We use Office 365 and have a Windows Azure subscription. The two seem to be keeping the Active Directory for our organisation in sync pretty well (i.e. the data looks the same on both systems).

All of the third party apps we run on our app server support LDAP as an identity provider, but because we don't run a domain we are having to get each user to create a new login/password for these services.

Ideally we'd like to get this server to sync from Azure/Office 365 and allow users to then authenticate using their Office365 credentials.

All of the literature I have found talks about synchronising FROM on-premise to Azure, but we'd like to rather sync FROM Azure/Office 365 to our on-premise server. I guess our on-premise server becomes a federated identity provider for our Office 365 directory...

Is this possible or do we need some 3rd party LDAP provider that can federate identities from Azure or Office 365?

4 Answers


Short answer: No. However, like @Nathan-C described, you can stand up the required services using Azure IaaS (either DC+DirSync+ADFS or DC+DirSync w/pwd sync) in order to achieve single sign-on between your Office365 apps and your on-prem apps. You would need to deploy a VPN link between Azure and your local network.

Azure AD is NOT "regular" Active Directory.

Trondh

All of this information is old; I just wanted to help someone that was looking for it. Today, 10/25/2016, I have 20 or so Windows 10 laptops that connect and work with Azure AD services directly. It integrates and works perfectly with O365 and many other "cloud" services from Microsoft.


Microsoft recently started offering actual Active Directory services in Azure: https://azure.microsoft.com/en-us/services/active-directory-ds; if you only need centralized authentication, they can fully replace a local AD.

Massimo
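If you go the Azure AD Domain Services route, the practical check before repointing the third-party apps is whether a synced Office 365 user can bind over LDAPS and whether the attributes the apps key on are actually populated. The script below is an added example, not part of Massimo's answer or any Microsoft documentation. It assumes a managed domain with secure LDAP already enabled and exposed at the placeholder name ldaps.example.com, a base DN of DC=example,DC=com, and a synced user alice@example.com; it uses only the .NET System.DirectoryServices.Protocols API. Note that the same bind attempted against the Azure AD tenant itself (rather than the managed domain) will fail, because Azure AD exposes no LDAP endpoint.

```powershell
# Added example: verify a synced Office 365 user can bind to an Azure AD Domain Services
# managed domain over LDAPS and that the attributes LDAP-integrated apps expect are present.
# ldaps.example.com, DC=example,DC=com and alice@example.com are placeholders (assumptions).
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server   = 'ldaps.example.com'
$baseDn   = 'DC=example,DC=com'
$userUpn  = 'alice@example.com'
$password = Read-Host -Prompt "Password for $userUpn" -AsSecureString

$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($server, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.SecureSocketLayer = $true   # LDAPS on 636; never a plain 389 bind across the internet
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic  # simple bind, protected only by TLS

# Default certificate validation is kept on purpose: a failed chain check should abort the
# bind rather than be swallowed by a permissive VerifyServerCertificate callback.

$cred = New-Object System.Net.NetworkCredential($userUpn, $password)
try {
    $conn.Bind($cred)
    Write-Host "Bind succeeded for $userUpn"
} catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Error "Bind failed: $($_.Exception.Message) (LDAP error code $($_.Exception.ErrorCode))"
    return
}

# Look the user up the way a third-party app would, to confirm the attributes it expects
# (sAMAccountName, userPrincipalName, memberOf) are really populated by the sync.
$filter   = "(&(objectClass=user)(userPrincipalName=$userUpn))"
$attrs    = @('sAMAccountName', 'userPrincipalName', 'memberOf')
$request  = New-Object System.DirectoryServices.Protocols.SearchRequest($baseDn, $filter, 'Subtree', $attrs)
$response = $conn.SendRequest($request)

if ($response.Entries.Count -eq 0) {
    Write-Warning "No object found for $userUpn under $baseDn; check the sync scope."
}
foreach ($entry in $response.Entries) {
    Write-Host "DN: $($entry.DistinguishedName)"
    foreach ($a in $attrs) {
        $attribute = $entry.Attributes[$a]
        if ($null -eq $attribute) {
            Write-Warning "  $a is not set on this object"
            continue
        }
        $values = $attribute.GetValues([string]) -join '; '
        Write-Host ("  {0}: {1}" -f $a, $values)
    }
}
$conn.Dispose()
```

Run it once as an ordinary synced user, not a privileged account: a bind success plus a populated memberOf tells you the apps can switch to LDAPS against the managed domain without any per-app credential, and a certificate error at bind time is the signal to fix the LDAPS certificate rather than to disable validation in the app.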

No. Azure AD is not really AD. It has less functionality in that it has a more limited schema, and as a service it can't be used to authenticate/manage devices as you can with a real Domain Controller and AD.

The use case they support is using Azure AD to manage the logins on Windows 10 machines, and you can use Microsoft Intune for any management (that you would get with policies/management from a 'real' full AD installation).

I'll caution that even the proposed solution is not fully 'baked' yet, and if you try it, you will be an early adopter. It's somewhat incomplete functionality (for example, management is non-existent for Macs; you can't do Azure AD join for OS X), and it's a bit buggy (sometimes machines can auth and join, sometimes they silently fail).

YMMV

Dan R