Azure Active Directory Domain Services (Azure AD Domain Services) is a managed alternative to running your own Active Directory when deploying workloads in Azure with the Citrix Cloud XenApp and XenDesktop Service or the newly-released XenApp Essentials and XenDesktop Essentials services. Azure AD Domain Services provides AD domain controllers as a service: Microsoft operates the domain controllers, which removes the work of setting up AD, the ongoing cost of patching and backing up domain controllers, and the operational expense of running domain controller VMs in Azure yourself. This blog post will walk you through the deployment of a XenApp Essentials catalog using Azure AD Domain Services.
Azure AD Domain Services is ideal for pure cloud deployments of Windows applications and desktops, where not only the applications but also their dependencies, such as file and database servers, have been moved to Azure. Azure AD Connect synchronizes user identities from an on-premises AD into Azure AD, and the managed domain is in turn populated from Azure AD, so users can sign in to the apps and desktops with their existing logon credentials, as shown in the diagram below. Note that the managed domain can only authenticate users whose password hashes have been synchronized to Azure AD; accounts that authenticate solely through a federated identity provider cannot log on to it.
However, Domain Services may not be suitable for hybrid use cases, where workloads in Azure continue to access resources on-premises. The managed domain is a separate forest that the on-premises forest does not trust, so the user's account in Azure is a different security principal: it has a different SID, and the Kerberos tickets and NTLM tokens issued to it are not honored by on-premises servers. In some cases users are re-prompted for credentials each time they access an on-premises resource. In other cases applications break outright, because they depend on Windows Integrated Authentication to an on-premises service or on ACLs that reference the on-premises SID. For hybrid workloads, we continue to recommend a traditional AD deployment, where domain controllers are deployed on VMs in Azure, connected back to on-premises using a VPN or ExpressRoute as shown below.
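Before committing a catalog to the managed domain, it is worth confirming which of an application's dependencies sit in another forest. The following PowerShell script is an added example, not part of the original post or of any Citrix or Microsoft tooling. Run it as a test user on a session host joined to the managed domain: it reports the realm that issued the current logon token, then tries each dependency with that token and separates a network failure from an authentication failure. The dependency list (fs01.corp.contoso.local, sql01.corp.contoso.local) is constructed for illustration; replace it with the file shares and SQL instances your applications actually use.

```powershell
# Added example (not from the original post). Run on a VM joined to the
# Azure AD Domain Services managed domain, as a user who will use the apps.
# Dependency list is a constructed placeholder; edit it for your environment.
$dependencies = @(
    @{ Kind = 'Share'; Target = '\\fs01.corp.contoso.local\Profiles' },  # assumed on-premises file server
    @{ Kind = 'Sql';   Target = 'sql01.corp.contoso.local' }             # assumed on-premises SQL instance
)

# The token this session holds was issued by the managed domain. Its SID is
# the managed-domain SID, not the one the on-premises forest knows.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$logonDomain = $env:USERDNSDOMAIN
if (-not $logonDomain) { throw 'Not running with a domain logon; join the VM to the managed domain first.' }
Write-Host ("Logon token : {0}`nToken SID   : {1}`nIssued by   : {2}" -f $identity.Name, $identity.User.Value, $logonDomain)

foreach ($dep in $dependencies) {
    # Take the host part of a UNC path or server name and compare its DNS suffix
    # with the managed domain. A different suffix means a different forest, so the
    # logon token will not be honored there.
    $targetHost = (($dep.Target -replace '^\\\\', '') -split '[\\/,]')[0]
    $foreign    = -not $targetHost.ToLower().EndsWith($logonDomain.ToLower())

    try {
        switch ($dep.Kind) {
            'Share' {
                # Opens the share with the current token; no credential prompt is possible here,
                # so an untrusted token surfaces as UnauthorizedAccessException.
                $null = Get-Item -LiteralPath $dep.Target -ErrorAction Stop
            }
            'Sql' {
                # Integrated Security=SSPI forces Windows authentication with the current token.
                $conn = New-Object System.Data.SqlClient.SqlConnection(
                    "Server=$($dep.Target);Integrated Security=SSPI;Connection Timeout=5")
                $conn.Open()
                $conn.Close()
            }
        }
        $result = 'OK'
    }
    catch [System.UnauthorizedAccessException] {
        $result = 'ACCESS DENIED: token not accepted (different forest / SID)'
    }
    catch {
        # Network errors (host unreachable) and SQL login failures land here; keep the
        # exception type so the two are distinguishable in the report.
        $result = "FAILED ($($_.Exception.GetType().Name)): $($_.Exception.Message)"
    }

    $flag = if ($foreign) { 'other forest' } else { 'managed domain' }
    Write-Host ("{0,-6} {1,-45} [{2}] {3}" -f $dep.Kind, $dep.Target, $flag, $result)
}
```

Any dependency reported as "other forest" that also fails authentication is a hybrid dependency in the sense of the paragraph above: it will keep working only if the workload is joined to a traditional AD that trusts (or is) the on-premises forest. A SQL Server that receives a token from an untrusted forest typically rejects it with a message stating that the login is from an untrusted domain, which is the same symptom users would hit interactively.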