Azure S2S VPN, AAD LDAP

Lanky Doodle 236 Reputation points
2020-09-22T13:15:40.227+00:00

Hi,

We want to establish an S2S VPN between our Azure tenant and on-prem FW, to be able to use LDAP creds for remote dial-in users. Once I've established the VPN, what details do I fill in for the LDAP details, i.e. I can't find these on the Azure portal.

We don't have on-prem AD.

Thanks

Azure VPN Gateway

Accepted answer
  1. Andreas Baumgarten 110.2K Reputation points MVP
    2020-09-22T21:25:07.017+00:00

    Azure AD does not support LDAP or secure LDAP directly. You can achieve this by implementing an Azure AD Domain Services (Azure AD DS) instance on your tenant.

    Source: https://zcusa.951200.xyz/en-us/azure/active-directory/fundamentals/active-directory-faq -> Last question

    Maybe this is helpful.

    Regards
    Andreas Baumgarten

    (Please don't forget to Accept as answer if the reply is helpful)


1 additional answer

  1. suvasara-MSFT 10,041 Reputation points
    2020-09-22T14:52:05.123+00:00

    This cannot be achieved directly using a VPN gateway with an S2S established connection. Azure Tenant and on-premises Active Directory are different and are not completely similar. You need to deploy Azure Active Directory Domain Services here. Azure AD DS provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication that are fully compatible with Windows Server Active Directory.
    One of the prerequisites for this setup is an Azure Active Directory tenant associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory. The process to join a managed domain is the same as joining a regular on-premises Active Directory Domain Services domain.
    Now, configure secure LDAP for an Azure Active Directory Domain Services managed domain.

    Note: The on-premises firewall should also support this secure LDAP over Internet.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
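Once secure LDAP is enabled on the managed domain and the on-prem firewall is pointed at it, the practical pre-flight check is that the LDAPS endpoint presents a certificate valid for the name the firewall will use and that plain LDAP on 389 is not reachable from outside. The following script is an added example and not part of either answer or Microsoft's own tooling; `ldaps.example.com` and the certificate values are constructed placeholders to be replaced with the managed domain's secure LDAP DNS name.

```python
"""Pre-flight checks for an Azure AD DS secure LDAP (LDAPS) endpoint.

Added example, not Microsoft code. The hostname ldaps.example.com and the
sample certificate below are constructed placeholders.
"""
import socket
import ssl
from datetime import datetime, timezone
from typing import List

LDAPS_PORT = 636        # secure LDAP, the only port Azure AD DS should expose
PLAIN_LDAP_PORT = 389   # unencrypted LDAP, should NOT be reachable over the Internet
EXPIRY_WARNING_SECONDS = 30 * 86400


def _host_matches(pattern: str, host: str) -> bool:
    """Match a SAN dNSName (optionally with a single leading wildcard label)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        # A wildcard covers exactly one label, so label counts must agree.
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def evaluate_certificate(cert: dict, expected_host: str, now: datetime) -> List[str]:
    """Return a list of problems for a certificate in the decoded dict form
    produced by ssl.SSLSocket.getpeercert(). An empty list means it looks fine."""
    problems: List[str] = []

    # The name the firewall dials must be covered by a DNS subjectAltName entry.
    san_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_host_matches(name, expected_host) for name in san_names):
        problems.append(f"hostname {expected_host} not covered by SAN {san_names}")

    # Validity window, evaluated against the supplied clock so it is testable offline.
    ts = now.timestamp()
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if ts < not_before:
        problems.append("certificate not yet valid")
    elif ts > not_after:
        problems.append("certificate expired")
    elif not_after - ts < EXPIRY_WARNING_SECONDS:
        problems.append("certificate expires within 30 days; plan rotation")
    return problems


def check_ldaps_endpoint(host: str, port: int = LDAPS_PORT, timeout: float = 5.0) -> List[str]:
    """Open a verified TLS connection to the LDAPS port and evaluate its certificate.
    create_default_context() enforces chain validation and hostname checking, so a
    self-signed or mismatched certificate raises ssl.SSLError before we get here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return evaluate_certificate(tls.getpeercert(), host, datetime.now(timezone.utc))


def plain_ldap_exposed(host: str, port: int = PLAIN_LDAP_PORT, timeout: float = 3.0) -> bool:
    """True if TCP 389 accepts a connection. For an Internet-facing Azure AD DS
    secure LDAP endpoint this should be False; only 636 should be allowed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample in the shape getpeercert() returns, used for offline checks.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}

if __name__ == "__main__":
    host = "ldaps.example.com"  # placeholder: the managed domain's secure LDAP name
    print("LDAPS cert problems:", check_ldaps_endpoint(host))
    print("Plain LDAP (389) reachable:", plain_ldap_exposed(host))
```

The two network helpers are what you would run from the on-prem firewall's egress address after enabling secure LDAP; `evaluate_certificate` is separated out so the name and expiry logic can be exercised with a constructed certificate before touching the live endpoint.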

