Need on-premises directory service, do I need Windows Server or Azure?

    Question

  • Hi all,

    First, apologies for this novice question. I have never used Active Directory before, but I now need to build a Windows-based network with a directory domain service.

    I've been using macOS Server, which allows an admin to create mobile users and apply certain rules to them. All Macs in the network can be configured to choose the machine that runs macOS Server as the directory server.

    After that, a mobile user will be able to use any of the Macs in the network, log in to their own account and access their own files. And there's a home sync function that syncs files between the Mac client and the server regularly.

    I'm wondering whether Active Directory can do just that. And if yes, do I need Windows Server or Azure? I heard that Azure AD can integrate with Windows 10 and serve as a domain controller. I have been searching online but still can't be sure, so I hope there are experienced users who can give me some hints.

    Thanks in advance!

    Soon Ling

    Tuesday, April 11, 2017 2:24 AM

All replies

  • Hi Soon,

    <<<After that, a mobile user will be able to use any of the Macs in the network, log in to their own account and access their own files. And there's a home sync function that syncs files between the Mac client and the server regularly.

    Wondering whether Active Directory can do just that.>>>

    Absolutely yes. A pretty good walkthrough of joining a Mac to AD:

    http://www.techrepublic.com/blog/apple-in-the-enterprise/integrate-macs-into-a-windows-active-directory-domain/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    <<< And if yes, do I need Windows Server or Azure? >>>

    In my opinion, on premise AD is enough for your environment.

    Below is the description of the difference between On Premise AD and In the Cloud AD.

    Active Directory: Differences Between On Premise and In the Cloud

    https://blogs.technet.microsoft.com/chrisavis/2013/04/24/active-directory-differences-between-on-premise-and-in-the-cloud/

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Soon Ao Ling Thursday, April 13, 2017 4:02 AM
    Wednesday, April 12, 2017 10:01 AM
    Moderator
  • Thank you so much Alvin! I'll take a good look, appreciate your kind reply.

    Best Regards,

    Soon Ling

    Thursday, April 13, 2017 3:55 AM
  • Hi all,

    Wondering whether Active Directory can do just that. And if yes, do I need Windows Server or Azure?

    They both can achieve your goal; it really depends on whether you are looking for an on premise or cloudy solution...

    https://www.google.com/?gws_rd=ssl#q=on+premise+vs+cloud&spf=68


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com


    Thursday, April 13, 2017 4:25 AM
  • Thanks both. We're not going to have lots of in-cloud apps; it's basically just for onsite students to access a PC so that they can log in to a couple of online portals, so I think we will go for the traditional on-premises AD server to manage their accounts.

    By the way, for Azure AD Join, if the computer has no internet access, then the user won't be able to log in?

    Thursday, April 13, 2017 6:11 AM
  • Hi,

    According to my research, it is technically possible but there are various caveats. First, the cache in the client libraries will automatically try to renew the token as the expiration time approaches; hence you have to save tokens in your own store. Second, you'll be able to send those tokens only to endpoints you own, as you'll need to customize the expiration validation logic to be more tolerant. If you sent such a token to, say, Office365 or the Azure API, they would reject it as expired.

    Furthermore, I suggest contacting the WindowsAzureAD Forum for further help:

    https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD

    The reason why we recommend posting appropriately is that you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Best Regards,

    Alvin Wang



    Friday, April 14, 2017 1:15 AM
    Moderator