So, how do we authenticate users in an organization in the traditional way? We need to store users' data, and authentication is then performed against that data.
We can think of Active Directory as a kind of database built specifically for user management. Active Directory Domain Services (AD DS) works as a domain controller that authenticates and authorizes users and/or objects in a network.
Target Audience: Beginners, IT Administrators, Cloud Enthusiasts
- Active Directory
- Comparison of Active Directory and Azure Active Directory
- Important FAQs
Now the question is: what details are stored in Active Directory (AD)?
Active Directory stores different objects and it has three naming contexts.
1) Domain – Organizational Units (OU), Computers, Groups, Users, etc.
2) Schema – Class and Attribute definitions
3) Configuration – Configuration details for services, contexts, and sites
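Each naming context has a fixed distinguished-name (DN) root, so an object can be assigned to its context by matching whole RDNs against those roots. The sketch below is an added example, not code from the original article; it goes slightly beyond the text by covering a child domain, where Schema and Configuration sit under the forest root. The function names are hypothetical, and contoso.com, emea.contoso.com and all DNs are constructed sample values.

```python
# Added example: sort AD distinguished names (DNs) into naming contexts.
# All domain names and DNs used here are constructed sample values.

def dns_to_dn(dns_name):
    """contoso.com -> DC=contoso,DC=com"""
    return ",".join("DC=" + label for label in dns_name.split("."))

def naming_contexts(domain_dns, forest_root_dns=None):
    """Root DN of each context; Schema and Configuration hang off the forest root."""
    root = dns_to_dn(forest_root_dns or domain_dns)
    return {
        "Domain": dns_to_dn(domain_dns),
        "Configuration": "CN=Configuration," + root,
        "Schema": "CN=Schema,CN=Configuration," + root,
    }

def split_rdns(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    out = []
    for rdn in rdns:
        key, _, value = rdn.partition("=")
        out.append(key.strip().lower() + "=" + value.strip().lower())
    return out

def classify(dn, contexts):
    """Return the most specific naming context whose root is a suffix of dn."""
    obj, best, best_len = split_rdns(dn), None, 0
    for name, root in contexts.items():
        nc = split_rdns(root)
        # Compare RDN lists, not raw strings, so escaped commas cannot spoof a suffix.
        if best_len < len(nc) <= len(obj) and obj[-len(nc):] == nc:
            best, best_len = name, len(nc)
    return best

if __name__ == "__main__":
    ctx = naming_contexts("contoso.com")
    for dn in (r"CN=Smith\, John,OU=Staff,DC=contoso,DC=com",
               "CN=User,CN=Schema,CN=Configuration,DC=contoso,DC=com",
               "CN=Sites,CN=Configuration,DC=contoso,DC=com"):
        print(classify(dn, ctx), "<-", dn)
```

Because the Schema root lies inside the Configuration root, which in a forest root domain lies inside the Domain root, the longest matching root decides the result.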
In the cloud scenario, how do we manage identities with security concerns in mind?
Microsoft provides Azure Active Directory, a multi-tenant and scalable service for managing identities in the cloud. It also provides single sign-on and multi-factor authentication.
If we integrate and configure single sign-on and multi-factor authentication, it becomes very easy to manage users in cloud environments.
In that case, how is Azure AD different from Windows AD in a traditional environment?
Azure AD is mainly an Identity and Access Management service with built-in federation that also supports multi-factor authentication, while Windows AD is a classic hierarchical X.500-based (true) directory service. Multi-factor authentication is available via free MFA capabilities or paid-for MFA providers.
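Windows Active Directory compared with Azure Active Directory:
- Windows Active Directory: True Directory Service. Azure Active Directory: Identity Management Service.
- Windows Active Directory: Designed for Intranet Application and User Management. Azure Active Directory: Designed for Internet Application and User Management.
- Support for Authentication Type (Azure Active Directory): SAML, WS-Federation, and OpenID Connect
- Support for Federation (Azure Active Directory): Built-in Federation for many third party applications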
With an Azure subscription, we get a “Default Directory”, which is an instance of Azure AD. We can also create a new directory.
How to access Data stored in Azure AD?
The AAD Graph API provides a way to access the content of AAD. It is also possible to create and manipulate information in AAD through its REST API.
What Role is required to access Azure AD?
Administrators and co-administrators can manage AAD because they have the Global Administrator role assigned to them.