1
00:00:00,840 --> 00:00:04,990
Now let's pick up where we left off in the previous lesson on Azure AD

2
00:00:04,990 --> 00:00:09,380
Domain Services. Recall in the previous lesson I introduced the main use

3
00:00:09,380 --> 00:00:14,130
cases for Azure AD Domain Services, and those are, number one, for legacy

4
00:00:14,130 --> 00:00:18,520
app migration into Azure where you've got VM‑based applications that

5
00:00:18,520 --> 00:00:23,270
require connectivity to Lightweight Directory Access Protocol, or LDAP, in

6
00:00:23,270 --> 00:00:27,790
Active Directory; you've got Kerberos and NTLM authentication happening;

7
00:00:27,790 --> 00:00:32,150
you want to continue to use group policy for your configuration management.

8
00:00:32,150 --> 00:00:35,620
The other main use case is that you can create an Azure AD Domain

9
00:00:35,620 --> 00:00:40,510
Services managed domain and set up a one‑way trust from the cloud,

10
00:00:40,510 --> 00:00:44,270
from your virtual network, to your local Active Directory to

11
00:00:44,270 --> 00:00:46,030
facilitate resource sharing.

12
00:00:46,030 --> 00:00:50,430
Now, in our example, we're doing Azure AD Domain Services,

13
00:00:50,430 --> 00:00:53,490
not in a cloud‑first way, but in a hybrid cloud way.

14
00:00:53,490 --> 00:00:58,020
So we're going to have Azure AD Connect synchronizing selected identities from

15
00:00:58,020 --> 00:01:02,330
Windows Server Active Directory locally into our Azure AD tenant. And we've

16
00:01:02,330 --> 00:01:05,440
created in the previous module our managed domain.

17
00:01:05,440 --> 00:01:09,100
It's now time to configure that managed domain and actually

18
00:01:09,100 --> 00:01:13,910
start to work with it. Here, the AAD DC Administrators Azure AD

19
00:01:13,910 --> 00:01:16,810
group is going to be where you stage your delegated

20
00:01:16,810 --> 00:01:19,120
administrators for your managed domain.

21
00:01:19,120 --> 00:01:22,670
So that's an important Azure AD group that you should be aware of.

22
00:01:22,670 --> 00:01:27,320
That's your main source of delegated domain admin‑ship,

23
00:01:27,320 --> 00:01:30,270
for lack of a better term, into your managed domain.

24
00:01:30,270 --> 00:01:33,050
And then from the client side, and when I say client,

25
00:01:33,050 --> 00:01:36,360
I'm not necessarily talking about desktop operating systems,

26
00:01:36,360 --> 00:01:39,760
your Windows Server VMs in that virtual network,

27
00:01:39,760 --> 00:01:42,890
the domain join and management into the managed domain is

28
00:01:42,890 --> 00:01:49,000
quite similar, all things considered, to what you see on‑prem, and I'll light that up in the demo.