I have servers spread across multiple on-premises locations that I want to join to Azure AD DS, and I don't want to setup ADFS because it is too much work.
So here is what I am thinking:
Has anyone done this? If so, how do you actually do it? Any advice would be much appreciated. I wasn't able to find a good answer online.
Yes, it is possible.
Yes, you can use Azure ADDS to manage your on-premise workstations provided you have a Site-to-Site VPN connection between on-prem and Azure. Users and groups created in Azure AD are by default synced to Azure ADDS. You can use Azure ADDS to manage and control workstations using GPOs as well. Please refer to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy for more details. The only challenge I see in this scenario is, if the site-to-site VPN is down, your workstations will not be able to communicate with Azure ADDS Domain Controllers. Migration of existing users information on the Azure AD to on-premise AD DS is not supported. Using AD Connect, you can preform Group and Device writeback but users cannot be synced from Azure AD to On-prem AD. As a workaround, you may consider deploying Azure ADDS and once the objects are synced from Azure AD to Azure ADDS, export the users using LDIFDE as mentioned here and import it to On-prem AD. Hope this covers all your questions.
Hope this helps!
