What is Azure? Can it replace an on premise Active Directory?

As you might guess, I'm a complete newbie to Azure and have no knowledge of it at all.
I have a project for which I need to find the most efficient and cost effective solution. Rather than me ask questions, perhaps its better I explain the project and hopefully someone will be able to tell me if Azure will provide a solution.
I have an on premise SBS 2003 R2 server which I need to replace due to the end of life of Server 2003 R2. This server provides, AD, Exchange and File & Print services to around 40 users. I have been given the remit of 'spend as little as possible
and use Cloud services as much as possible' to achieve the migration but I don't want it to be at the expense of productivity and end user harmony.
I have started trialling Office 365, which will hopefully take care of the File and Exchange side of things. So far the users have found it a bit frustrating trying to navigate to files on SharePoint. They are unable to effectively map a drive or explore
to SharePoint and they are frequently asked to enter their O365 password, on top of their local domain password. Although I've not tried Single Sign On, it sounds like this might resolve the issues we're having with O365.
From what I've heard, I'd need an on premise AD server in order to implement Single Sign On, so this means buying a new on premise 2012 server to replace the 2003 SBS server. This obviously means expense. I'm wondering if there is an alternative solution
that addresses the Single Sign On problem and gives me AD features, such as group policy, but without the necessity for an on premise server. Ideally it would also give me print server features too.
Has anyone any idea if Azure can provide an effective solution to my project or have any other solutions. If not, I'll have to get the on premise server.

Hi TIMTAM73,
This is actually a great topic around the position of Azure for the Enterprise environment and how Azure AD might help.
You've earlier mentioned that you're currently trial-ing O365, for which I truly congratulate you. In my opinion, that's by far the best SaaS product for organizations looking for a professional Exchange, SharePoint and CRM solution.
Please let me also introduce a new term to the discussion, namely Azure Active Directory (AAD, for short). AAD is what the entire Office 365 users & groups repository is based on.
In terms of Windows Server Active Directory, if you're looking to domain-join your organizational computers after you ditch your ancient-WS2003 server, please be advised that AAD won't help, because currently AAD is NOT an LDAP, meaning that it's only
a little more than a user&groups repository and that's it. However, because you were advised to look more into cloud services, please note that there's always the option of deploying a VM with Windows Server 2012 R2 installed and install the role of Active
Directory Domain Services on it. This also means that you get LDAP, but on a newer system.
Afterwards, you'll have to worry how your organizational computers will join the domain you created "in the cloud". Here's where Azure Virtual Networks come in. Considering that you have a decent router, you have the option of creating a site-to-site
VPN and thus connect your local LAN to a network of cloud services which will be hosted on the same IP classes where your computers are: voila, you get domain-joined computers on a cloud-hosted VM.
Lastly, because Exchange might be too expensive to acquire and maintain, I suggest you look into Office 365. Here, you have the option of using the so-called AD Connect (or the generally available and tested DirSync option) which will synchronize your users
and (optionally) password hashes. Additionally, there's also the option of Single-Sing-On (SSO), which will help your users from having to regulary input their credentials.
As for the File and Exchange things, you have a few options:
Use OneDrive for Business and thus your users will get a OneDrive repo directly in File Explorer
Deploy a VM on your cloud service which has the File and Document role installed, with the Work Folders feature and afterwords configure Work Folders on your users' Windows 7/8 PCs
...or simply use a SMB share or FTP on that VM on Azue
Please keep in mind that when it comes to document sharing, it would be best to add at least an additional data drive (with no write caching) and configure the shares on this/these drives. Never use the D:\ drive on the VM - that a temporary storage solution
designed for caching in IIS, for example - or C:\ - the OS disk has write caching applied and you'll eventually get into lots of trouble with your users for loosing their data :).
I hope this helps. I'll be happy to give you more insights and put you on the right track if you miss finding the right documentation.
Alex

Similar Messages

  • Can not Authenticate WLSE Express with Active Directory

    Hi ,All
    I can not authenticate WLSE Express using external database with AD. I have downloaded the agent to the Domain Controller and install it on AD.
    At WLSE Express I found log
    "Error Server 0 RemoteDomainAuth server domain-auth: Agent API encountered error (1)"
    "Error Server 0 Service domain-auth has no active remote servers available"
    "Warning Protocol 0 Request from AP101 (10.224.20.143): User insee-wds rejected (ServiceUnavailable)"
    "Warning Protocol 0 Request from AP101 (10.224.20.143): User insee-wds rejected (InternalError)"
    maybe something wrong on AD ,
    If anyone has an idea , please help me.
    Thankss.

    I got the problem like you.
    Do you have any solution to solve this issue?
    If you have, please e-mail or post to me and everybody who be like this.
    Thank you so much.

  • Mac os x wiki server can't authenticate user password from active directory recently after we upgraded to windows 2008 server.

    after upgraded to windows 2008 server, our  mac os x wiki server can't authenticate user password anymore. How can I re-bind the wiki server to the AD again? thanks in advance.

    Solved it by deleting the user and creating a new one with the same userID.
    Maybe it occured because I marked the "user has to change password after first login" box when resetting the password but didn't yet allow him to do so in the webpages menu?!?

  • What are some typical domain policies in a fresh Active Directory installed environment?

    for example , changing password settings , or USB attachements , ... .

    Hi Arash_gh,
    Security is foundation of all things, I suggest you fist setting the update policy.
    Step 5: Configure Group Policy Settings for Automatic Updates
    http://technet.microsoft.com/en-us/library/dn595129.aspx
    More scenario you can refer the following KB:
    Group Policy Common Scenarios Using GPMC
    https://www.microsoft.com/en-us/download/details.aspx?id=19735
    I’m glad to be of help to you!
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • How can I create digital signatures for my users using Windows 2008 Active Directory Certificate Services?

    Hi,
    I need to create local digital signatures for my users. How can I do that using W2k8 Active Directory Certificate Services? We are gonna sign Office 2010 documents.
    What company offers cheap digital signatures solutions?
    Thanks in advanced

    Consider the following:
    if you use your local CA server to issue digital signature certificates, there is no cost, because you are eligible to issue so many certificates as you need. However, documents signed by these certificates will be considered trusted only within your AD
    forest and other machines that explicitly trust your local CA. Any external client will not trust your signatures.
    If you want to make your signature trusted outside your network (say, in worldwide), you need to pruchase a certificate from trusted commercial CA (VeriSign, GoDaddy, GlobalSign, StartCom, etc) according to respective vendor price list. In that case you
    don't need to have your local CA server, because it is not used. All certificate management is performed by the external CA. A most common scenario is to purchase signing certificate for particular departament principals (head managers) or few certificates
    for a whole company (all documents are revised by a responsible person or persons who holds signing certificate and sign them after review).
    so, it is not clear from your post what exactly you need.
    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Windows PKI reference:
    on TechNet wiki

  • How to authenticate Username and password in MVC using Azure Active Directory

    Need a sample application where in need to authenticate user entered logindetails using Azure Active directory.

    Hi,
    Kindly go through beneath article which helpful to understand the procedure.
    How to Authenticate Web Users with Azure Active Directory Access Control
    http://azure.microsoft.com/en-in/documentation/articles/active-directory-dotnet-how-to-use-access-control/
    Developing ASP.NET Apps with Windows Azure Active Directory
    http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory
    Adding Sign-On to Your Web Application Using Azure AD
    https://msdn.microsoft.com/en-us/library/azure/dn151790.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • How to purchase Azure Active Directory Premium?

    How do you purchase Azure Active Directory Premium?
    I have had a trial, which has expired. I get an email saying to go to the Intune (?) portal:
    Follow these easy steps to purchase a subscription: 
    1)   Sign in to the Microsoft Intune Account Portal, with your User ID
    2)   On the Admin page, on the left pane, under Subscriptions, click Manage.
    3)   Find Microsoft Azure Active Directory Premium trial, and click on it.
    4)   On the Subscription details page click Buy now.
    5)   Follow the steps in the purchasing wizard to complete the purchase process.
    There is no trial subscription and no way to purchase. There has been some discussion that you require an Enterprise Agreement to purchase it:
    http://azure.microsoft.com/en-us/pricing/details/active-directory/

    Hi, 
    If you login to portal.office.com with your username and password and then click on 'Purchase Services' on the left hand side you should be able to go ahead and directly purchase AAD Premium. http://www.edutech.me.uk/active-directory/azure-ad-premium-now-available-via-direct-purchase/
    Thanks, 
    James.

  • Can FIM create OU in Active Directory

    Experts,
    Although I think answer must be YES but asking to confirm as I have not worked on FIM.
    Can FIM also create OU in Active Directory?
    Thanks,
    Mann

    Yes, you can either manage OUs separately or create them during user provisioning, given you set Hierarchical Provisioning up and running.
    That's almost OOTB behavior of AD MA

  • Hi, i have a new number and I'm trying to activate iMessage but i can't.  it is only saying waiting for activation,  i have tried a lot of times with not success.  i'm not sure if i need to replace the old one to this new one, or what do do. can you help

    Hi, i have a new number and I'm trying to activate iMessage but i can't.  it is only saying waiting for activation,  i have tried a lot of times with not success.  i'm not sure if i need to replace the old one to this new one, or what do do. can you help

    Troubleshooting iMessage activation:
    http://support.apple.com/kb/TS4268

  • My iphone 4s fell from the bed and the front screen glass got cracked but the touch screen is working fine, so can i replace just that screen glass?? If not what am i to do ? And how much it might cost me for that repairing??

    My iphone 4s fell from the bed and the front screen glass got cracked but the touch screen is working fine, so can i replace just that screen glass?? If not what am i to do ? And how much it might cost me for that repairing??

    I don't know. You'll have to ask.
    FYI, if the phone was not originally sold in India, it can not be serviced in India. You will have to take it back to the country where it originated.

  • When I try to watch certain videos on my ipad2 it says Thanks for trying to access Flash Player. Unfortunately it is not available for your device because of restrictions that Apple has put in place.  Can any tell me what app I can download to replace it.

    When I try to watch certain videos on my ipad2 it says Thanks for trying to access Flash Player. Unfortunately it is not available for your device because of restrictions that Apple has put in place.  Can any tell me what app I can download to replace adobe flash player.
    Thanks

    Use the iSwifter browser from the app store. Works for most flash content.

  • Can I replace CUA with CUP. If not why or what will be the risks

    Hi,
    The client does not want to have two provisioning systems CUP & CUA. The sole purpose they are using CUA is the proper accounting for SAP licenses such that the user ID remains the same across the landscape. No other purpose of using CUA. In this case can I replace CUA with CUP 5.3 SP12.
    Thanks & Regards,
    Sanjeev

    There are limitations to doing that.
    CUA has a technology focus and does not take access risk into consideration at all. The long-term successor of this would be Netweaver Identity Management. If you want to consistently manage user master data and license information, that's probably the solution to look at.
    You can perfectly use CUP on top of that to manage authorizations. You can also force CUP to only allow user IDs from a central system like CUA or ActiveDirectory in order to enforce user ID consistency.
    What CUP will not do is give you an overview of where a user is maintained with which kind of information/license data. That is something that either CUA (for ABAP only) or Netweaver Identity Management will give you.
    Frank.

  • What parts can I replace in my Satellite A50-106

    Hi guys.
    I've got some idea to replace few parts in My A50-106.
    And This is My question. What can i replace :), maybe processor or something else from HW ??
    Thx for response.

    You can replace HDD with more capacity and RAM module. This notebook can handle with max 1 GB of RAM. Two memory slots are available. Compatible modules are:
    PC2700 512MB (PA3312U-1M51)
    PC2700 1024MB (PA3313U-1M1G)
    I am not 100% sure but I believe you can also exchange ODD (optical disc drive) with better one. Check please users manuals. Probably there you can find a list of all compatible ODDs.
    Good luck!

  • What is the latest version where you can use replace tabs?

    I will only use a firefox version that has a replacetabs add-on option - which is the most updated version that can utilize this function?

    What do you mean with replace tabs option?
    Do you want to open links in the current tab instead of in a new tab or window?
    You can look at these extensions:
    *Tabberwocky: https://addons.mozilla.org/firefox/addon/14439
    *Tab Utilities Lite: https://addons.mozilla.org/firefox/addon/62581
    *Tab Utilities: https://addons.mozilla.org/firefox/addon/59961

  • My ipod doesn't turn on and doesn't charge at all.what will i do?can i replace that for free?i just used it for 7 months

    my ipod doesn't turn on and doesn't charge at all.what will i do?can i replace that for free?i just used it for 7 months..hope you can help me

    See http://support.apple.com/kb/TS3281.  I had the same problem, but solved it by holding down the home button and the on/off button for 10 seconds.  If you are lucky, that will work for you as well!

Maybe you are looking for

  • I have a problem with simulation in Matlab 6.5 and LabVIEW for PID controllers

    I have a problem with simulation in Matlab 6.5 and LabVIEW. I have some methods for granting PID controllers in MATLAB to go but not LabVIEW. International Teams degree to transfer two but when I go past the fourth degree no longer work. We changed t

  • TIPS/Help--Vocal Mixes

    I am having a horrible time trying to tame my vocals. I am using Shure SM7 with Apogee Duet into iMac 24". I have all my levels crazy low, I'm recording at like -18db to -12 db. In that range, I'm leaving tons of headroom. I usually apply compression

  • Internal table with work area

    hi all, data: BEGIN OF it_summ OCCURS 0.   INCLUDE STRUCTURE yapn_summary.   data: END OF it_summ. data : wa_demo1 type yapn_summary. clear wa_demo1.         wa_demo1-sumr = 'hai'. append wa_Demo1 to it_summ. WRITE: it_summ-sumr. its not get output..

  • BIAR file import error

    Hi, We had BO XI 3.1 without SP in my previous server, from this we exported a BIAR file with repository contents. After that we remove that server and installed BO XI 3.1 SP3 and trying to import the same file and geting this error message Failed to

  • Font download not working in IE 10

    Hello! We are building a product based on web tech (html, css, javascript). When our customers are running what we built in IE 10 they dont get the correct fonts or our icons that are font based. We can reproduce the error on our end by disabling fon