Accelerate your move to the cloud with new capabilities in Azure AD Domain Services

This post has been republished via RSS; it originally appeared at: Azure Active Directory Identity Blog articles.

Howdy folks!  

 

New capabilities in Azure Active Directory Domain Services will make it easier for you to move your legacy, on-premises apps to the cloud. The additional capabilities in our managed domain services solution include geo-redundancy, faster sync, and resource forests.

 

 

Geo-redundancy enhances performance and disaster recovery

Geo-redundancy is a must for large, geographically dispersed organizations with mission-critical applications. With the general availability of replica sets, you can now create a replica domain controller set for your managed domain in up to four additional regions. With replica sets, your Azure AD Domain Services applications gain enhanced performance and disaster recovery for your business by adding geo-redundancy in different regions.

 

 


Diagram of Azure AD Domain Services replica set with two regions. 

For most Azure AD Domain Services customers, adding another replica is a quick experience. To learn more about replica sets and how to deploy your own, visit our documentation.

 

 

Synchronization speed increases for multiple cores

When managing hybrid identity, you want to know you have the least latency possible between on-site changes and cloud-authenticated updates. To improve this experience, we’ve made changes to the synchronization engine between your managed domain and Azure AD. 

 

We’ve made the following changes to every Azure AD Domain Services-managed domain that is on a resource manager virtual network: 

 

  • Three new attributes: CompanyName, Manager and EmployeeID are now available attributes on user objects in your managed domain.
  • Faster initial sync and incremental updates: Performance testing reveals our new sync engine delivers significantly faster automation than the previous service. The upgraded service leverages multiple cores to sync memberships in parallel, resulting in the greatest performance for those customers leveraging more cores.

 

To learn more about synchronization for Azure AD Domain Services, visit our documentation.  

 

 

Resource forest makes it easier to move legacy protocols onto Azure 

You can now create a resource forest-based managed domain without password hash synchronization. In a resource forest, user objects and credentials exist in the on-premises Active Directory Domain Services forest, while still enabling you to lift your resources that use legacy authentication protocols onto Azure. This is great for customers who use smartcards to sign in to their applications. 

 


Diagram of an Azure AD Domain Services resource forest.  

When determining whether to create a user forest or a resource forest, we recommend the following guides and resources to help you decide:

 

 

And as always, join the conversation in the Microsoft Tech Community and send us your feedback and suggestions. You know we’re listening!

 

Best regards, 

 

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management 

Microsoft Identity Division 
