What is Microsoft Entra Domain Services?
Microsoft Entra Domain Services is a managed Active Directory service that provides classic AD features without your own Domain Controllers. The service enables Domain Join, LDAP authentication and Kerberos for legacy applications in the cloud.
Core Features
- Managed Domain Controllers without your own infrastructure
- LDAP, Kerberos and NTLM authentication
- Domain Join for Windows VMs in Azure
- Group Policy support for centralized configuration
- Automatic synchronization with Microsoft Entra ID
Typical Use Cases
- Lift-and-shift of legacy applications that require Active Directory
- Azure VMs with Domain Join for centralized user management
- Applications that authenticate via LDAP, without your own AD infrastructure
Benefits
- No Domain Controller administration required
- Automatic patching and high availability
- Integration with cloud identities from Entra ID
- GDPR-compliant in European Azure regions
Integration with innFactory
As a Microsoft Solutions Partner, innFactory supports you with Microsoft Entra Domain Services: architecture, migration from on-premises AD and hybrid identity scenarios.
Frequently Asked Questions
How does it differ from Entra ID?
Entra ID is a modern identity provider for cloud apps (SAML, OIDC). Entra Domain Services provides classic AD features like LDAP, Kerberos and Domain Join for legacy applications.
Do I need to manage Domain Controllers?
No, Microsoft fully manages the Domain Controllers. You only configure the Managed Domain and synchronize users from Entra ID.
Can I use Group Policies?
Yes, Group Policies are supported. You can apply GPOs to Organizational Units that you create in the Managed Domain.
How does synchronization with Entra ID work?
Users, groups and password hashes are automatically synchronized from Entra ID. Synchronization is one-way only: from Entra ID to the Managed Domain.
