
Differences Between Active Directory and Azure Active Directory

One thing to note is that Azure Active Directory (AAD) and traditional, on-premises Active Directory (AD) are similar yet two very different things.

When you’re focusing on traditional on-premises AD, you have the ability to:

  • Create Organizational Units (OUs),
  • Create Group Policy Objects (GPOs),
  • Authenticate with Kerberos,
  • Work with a single domain (machine joins),
  • Query and interact with the Lightweight Directory Access Protocol (LDAP),
  • Establish domain trusts between multiple domains,
  • And so on…

With Azure AD (AAD), the functions mentioned above do not exist. AAD is simply an identity solution, and essentially a federation hub for online services, i.e. Office 365, Facebook, and various other 3rd-party applications/websites, etc.

  • Users and groups can be created, but in a flat structure; things like OUs and GPOs do not exist in AAD.
  • Since there is no domain trust with AAD, federated services are used to create a relationship. This can be achieved with ADFS, which allows on-prem AD to communicate and authenticate with SSO (Single Sign-On).
  • Also, you cannot query AAD with LDAP; however, you can use REST APIs that work over HTTP and HTTPS.
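To make the LDAP-versus-REST difference concrete, here is an added example (not part of the original post) that asks the same question of both directories: "which user accounts belong to the Sales department?" On-prem it is an LDAP search scoped to an OU; in AAD there is no LDAP and no OU, so the flat directory is filtered over HTTPS through the Microsoft Graph REST API. The OU path, the contoso.com domain and the `$accessToken` variable are assumptions.

```powershell
# Added example: same question, two directories. Placeholders: OU=Sales,
# DC=contoso,DC=com and $accessToken (a bearer token for Microsoft Graph
# that already carries User.Read.All consent).

# --- On-premises AD: LDAP query, scoped to an OU (a container AAD does not have) ---
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(department=Sales))"
$searcher.SearchRoot = [adsi]"LDAP://OU=Sales,DC=contoso,DC=com"   # assumed OU and domain
$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'userPrincipalName'))
$onPremUsers = @($searcher.FindAll() | ForEach-Object {
    [pscustomobject]@{
        Sam = $_.Properties['samaccountname'][0]
        Upn = $_.Properties['userprincipalname'][0]
    }
})

# --- Azure AD: no LDAP and no OUs; filter the flat directory over HTTPS ---
# Single quotes keep PowerShell from expanding $filter/$select; '' is a literal quote.
$uri = 'https://graph.microsoft.com/v1.0/users?$filter=department eq ''Sales''&$select=userPrincipalName,displayName'
$headers = @{ Authorization = "Bearer $accessToken" }
$resp = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
$cloudUsers = @($resp.value | ForEach-Object {
    [pscustomobject]@{ Upn = $_.userPrincipalName; Name = $_.displayName }
})

# Graph pages large result sets; follow @odata.nextLink so nothing is silently truncated.
while ($resp.'@odata.nextLink') {
    $resp = Invoke-RestMethod -Method Get -Uri $resp.'@odata.nextLink' -Headers $headers
    $cloudUsers += @($resp.value | ForEach-Object {
        [pscustomobject]@{ Upn = $_.userPrincipalName; Name = $_.displayName }
    })
}

"On-prem AD (LDAP, OU-scoped):"; $onPremUsers | Format-Table -AutoSize
"Azure AD (REST over HTTPS, flat):"; $cloudUsers | Format-Table -AutoSize
```

Comparing the two lists by userPrincipalName is a quick way to spot accounts that exist in one directory but not the other, which is where many sync and federation surprises show up.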


Here is a great article, along with many others on the web, that helps explain the differences: https://blogs.technet.microsoft.com/chrisavis/2013/04/24/active-directory-differences-between-on-premise-and-in-the-cloud/