Accelerate your move to the cloud with new capabilities in Azure AD Domain Services

Howdy folks! 

New capabilities in Azure Active Directory Domain Services will make it easier for you to move your legacy, on-premises apps to the cloud. The additional capabilities in our managed domain services solution include geo redundancy, faster sync, and resource forests.

Geo-redundancy enhances performance and disaster recovery

Geo-redundancy is a must for large, geographically dispersed organizations with mission-critical applications. With the general availability of replica sets, you can now create a replica domain controller set for your managed domain in up to four additional regions. With replica sets, your Domain Services applications gain enhanced performance and disaster recovery by adding geo-redundancy across regions.


Diagram of Domain Services replica set with two regions.

For most Domain Services customers, adding another replica is a quick experience. To learn more about replica sets and deploy your own, visit our documentation.

Synchronization speed increases for multiple cores

When managing hybrid identity, you want the least possible latency between on-premises changes and cloud updates. To improve this experience, we've made changes to the synchronization engine between your managed domain and Azure AD.

We've made the following changes to every Azure AD Domain Services-managed domain that is on a virtual network:

  • Three new attributes: CompanyName, Manager and EmployeeID are now available attributes on user objects in your managed domain.
  • Faster initial sync and incremental updates: Performance testing shows that our new sync engine delivers significantly faster synchronization than the previous service. The upgraded service uses multiple cores to sync memberships in parallel, so customers with more cores see the greatest performance gains.

To learn more about synchronization for Azure AD Domain Services, visit our documentation. 

Resource forest makes it easier to move legacy protocols onto Azure

You can now create a resource forest-based managed domain without password hash synchronization. In a resource forest, user objects and credentials remain in the on-premises Active Directory Domain Services forest, while you can still lift your resources that use legacy protocols onto Azure. This is great for customers who use smartcards to sign in to their applications.


Diagram of an Azure AD Domain Services resource forest. 

When determining whether to create a user forest or a resource forest, we recommend the following guides and resources to help you decide:

And as always, join the conversation in the Microsoft Tech Community and send us your feedback and suggestions. You know we're listening!

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

Any news on if there will be an "easy" way to move Azure AD Domain Services to a new subscription?


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.