With the modern workplace getting more and more into the businesses, you might want to verify if your devices have been joined to both your local on-premises AD and Azure AD. Just one simple command is all you need to verify the status.
On the (hybrid) domain joined device open up a command prompt as administrator, and run the following command:
This should give you a result like below. The explanation for each value can be found below.
With the move to the cloud there might be a time where you would like to remove the Active Directory link (AD Connect) and go for a cloud only strategy. With a few simple steps you can disconnect the AD connect sync from Azure AD.
When you look in your Office 365 environment you will notice that the sync status has different symbols. One for cloud only, and one for Active Directory. To disable the link, open a PowerShell window and run the following steps.
STEP 1: First make sure that you disable the AD Connect sync service by disabling the service, or set it to staging mode.
STEP 2: Connect to your Microsoft Office 365 environment using the following command, and login to the desired environment:
STEP 3: Now run the following command to disable the sync, confirm your actions, you cannot undo this change!
Frequently I get the question, how are we going to manage our legacy Azure IaaS servers? Should we deploy domain controllers? or should we setup a VPN connection with our on-premise environment?
Before we can start answering these questions we will need to learn more about AD DS.
Azure AD Domain Services provides managed domain services such as domain join, group policy, LDAP, Kerberos/NTLM authentication that are the same as traditional domain controllers. You can consume these domain services without the need for you to deploy, manage, and patch domain controllers in the cloud. Azure AD Domain Services integrates with your existing Azure AD tenant, thus making it possible for users to log in using their corporate credentials. The AD DS is available in a VNet of your choice.
AD DS works with cloud-only or synced with on-premise AD. Important to know is that Password hash synchronization is mandatory for hybrid organizations to use Azure AD domain services. This requirements is because users credentials are needed in the managed domain to authenticate using NTML or Kerberos.