Microsoft Entra Domain Services: A Comprehensive Guide
***Why is Microsoft Entra Domain Services Important?***

Microsoft Entra Domain Services (Entra DS, previously known as Azure AD Domain Services) provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication. It's crucial when you want to migrate legacy applications to Azure that require traditional Active Directory features without deploying and managing your own domain controllers in VMs. It addresses hybrid scenarios and simplifies management by extending your existing on-premises Active Directory or a cloud-only Microsoft Entra ID to provide these capabilities.

***What is Microsoft Entra Domain Services?***

Entra DS is a platform-as-a-service (PaaS) offering that provides domain services in Azure. Key features include:

*Domain Join:* Enables you to join Azure VMs to the managed domain.

*Group Policy:* Lets you manage the configuration of computers and users in the domain.

*LDAP:* Supports Lightweight Directory Access Protocol for directory lookups.

*Kerberos/NTLM authentication:* Handles legacy authentication protocols.

Essentially, it's a managed Active Directory instance in the cloud, removing the need for you to manage domain controllers.

***How Microsoft Entra Domain Services Works***

When you enable Entra DS, Azure sets up domain controllers behind the scenes. These domain controllers are managed by Microsoft. Here's the general flow:

1. *Enablement*: You enable Entra DS within your Azure subscription, linked to an existing Microsoft Entra ID (cloud-only) or an Azure AD Connect synced domain (hybrid).

2. *Synchronization*: If you're using Azure AD Connect, user accounts, groups, and credentials are automatically synchronized from your on-premises Active Directory *to* Microsoft Entra ID and then *to* Entra DS. For cloud-only Microsoft Entra ID, the same user accounts are used.

3. *Virtual Network Integration*: Entra DS is deployed into a virtual network (VNet) of your choice. Azure VMs that need to use domain services must be connected to the same VNet (or a peered VNet).

4. *Authentication*: When an application or VM attempts to authenticate against the domain, it interacts with the managed domain controllers within Entra DS using standard protocols (Kerberos, NTLM, LDAP).

5. *Management*: You can manage Entra DS through the Azure portal and using Group Policy (through a jump box VM with the RSAT tools installed).

_Important Considerations:_ Microsoft Entra ID is the source of truth for users. You cannot directly create users in Entra DS; they must come from Microsoft Entra ID.

***Important Differences between Azure AD, Microsoft Entra ID and Domain Services***

*Microsoft Entra ID:* The cloud-based identity and access management service used to manage single sign-on. It is the identity provider for many SaaS/PaaS solutions.

*Entra Domain Services:* Brings traditional AD capabilities (domain join, group policy, LDAP, Kerberos/NTLM) to Azure without needing to manage domain controllers. Provides a *subset* of AD features. Uses a separate forest from any on-premises Active Directory implementation.

*Azure AD Connect:* A tool used to synchronize identities between your on-premises AD environment and Microsoft Entra ID.

***Exam Tips: Answering Questions on Microsoft Entra Domain Services***

When answering questions on the AZ-900 exam relating to Entra DS, consider these points:

*Understand the Use Cases*: Know when Entra DS is the right solution. It's ideal for migrating legacy apps to Azure that require traditional Active Directory. It is *not* a full replacement for a traditional on-premises Active Directory.

*Synchronization*: Remember that user accounts are synchronized from Microsoft Entra ID, not created directly in Entra DS.

*Managed Service*: Understand that Entra DS is a *managed* service, meaning Microsoft handles the underlying infrastructure and patching of the domain controllers. This removes the management overhead for you.

*VNet Integration*: Recognize the importance of VNet integration. VMs needing domain services *must* be in the same VNet (or a peered VNet) as the Entra DS instance.

*Security Considerations*: Be aware that it does not support all advanced features of Active Directory, and has some limitations in terms of schema extensions and granular control.

_Common Question Types:_ Expect questions asking you to choose the best service for migrating legacy applications that need Active Directory functionality, or to identify the steps involved in configuring Entra DS.