New capabilities in Azure Active Directory Domain Services will make it easier for you to move your legacy, on-premises apps to the cloud. The additional capabilities in our managed domain services solution include geo redundancy, faster sync, and resource forests.
Geo-redundancy enhances performance and disaster recovery
Geo-redundancy is a must for large, geographically dispersed organizations with mission critical applications. With the general availability of replica sets you can now create a replica domain controller set for your managed domain in up to four additional regions. With replica sets, your Azure AD Domain Services applications gain enhanced performance and disaster recovery for your business by adding geo-redundancy in different regions.
Diagram of Azure AD Domain Services replica set with two regions.
For most Azure AD Domain Services customers, adding another replica is a quick experience. To learn more about replica sets and how to deploy your own, visit our documentation.
Synchronization speed increases for multiple cores
When managing hybrid identity, you want to know you have the least latency possible between on-site changes and cloud-authenticated updates. To improve this experience, we’ve made changes to the synchronization engine between your managed domain and Azure AD.
We’ve made the following changes to every Azure AD Domain Services-managed domain that is on a resource manager virtual network:
- Three new attributes: CompanyName, Manager and EmployeeID are now available attributes on user objects in your managed domain.
- Faster initial sync and incremental updates: Performance testing reveals our new sync engine delivers significantly faster automation than the previous service. The upgraded service leverages multiple cores to sync memberships in parallel, resulting in the greatest performance for those customers leveraging more cores.
To learn more about synchronization for Azure AD Domain Services, visit our documentation.
Resource forest makes it easier to move legacy protocols onto Azure
You can now create a resource forest-based managed domain without password hash synchronization. In a resource forest, user objects and credentials exist in the on-premises Active Directory Domain Services forest, while still enabling you to lift your resources that use legacy authentication protocols onto Azure. This is great for customers who use smartcards to sign in to their applications.
Diagram of an Azure AD Domain Services resource forest.
When determining whether to create a user forest or a resource forest, we recommend the following guides and resources to help you decide:
Alex Simons (@Alex_A_Simons )
Corporate VP of Program Management
Microsoft Identity Division
Any news on if there will be an”easy” way to move Azure AD Domain Services to a new subscription?
© Microsoft. This article was originally published by Microsoft Azure Active Directory Identity Blog. You can find the original article here.