Azure AD

Synergetic Windows Client (SynMain) and Azure AD: Solutions for Authentication Compatibility

The Synergetic Windows client, SynMain (a FAT32 application), relies on Kerberos authentication to communicate with on-premises domain controllers (DCs). When end-user devices are Azure AD-joined, however, the SynMain client doesn’t function as expected, because Azure AD does not natively support Kerberos authentication.

Why Azure AD Does Not Support Kerberos Authentication

Azure AD is designed primarily for cloud-based authentication and does not include the traditional Kerberos protocol used by on-premises Active Directory (AD). Kerberos relies on a trusted third party (the Key Distribution Center, or KDC) to issue tickets for authentication, and the KDC is a core component of on-prem AD environments. Azure AD, on the other hand, uses modern authentication protocols such as OAuth 2.0 and OpenID Connect, which are not compatible with Kerberos.

Below are the alternative solutions that can be implemented:

  1. Hybrid Azure AD Join (Recommended)

    • Description: This solution allows devices to be both domain-joined and Azure AD-joined.

    • Technical Details:

      • Devices authenticate against on-premises AD using Kerberos while also registering with Azure AD for cloud services.

      • This dual-join configuration ensures that the SynMain client can use domain credentials for authentication via the on-prem AD.

      • Implementation Steps:

        1. Configure Hybrid Azure AD Join in Azure AD Connect.

        2. Ensure devices are synchronized and registered with both on-prem AD and Azure AD.

        3. Verify that Group Policy settings are correctly applied to support Hybrid Join.

  2. Active Directory Domain Services (ADDS) in Azure

    • Description: Set up an Azure Virtual Machine running ADDS, acting as a domain controller in the cloud.

    • Technical Details:

      • Extends on-premises AD infrastructure to Azure, allowing devices to authenticate with this domain controller.

      • Maintains traditional Windows authentication required by the FAT32 application.

      • Implementation Steps:

        1. Deploy an Azure VM and install ADDS.

        2. Configure the VM as a domain controller and join it to the existing on-prem AD domain.

        3. Set up a site-to-site VPN or Azure ExpressRoute for secure communication between on-prem and Azure environments.

  3. Remote Access or Virtualization

    • Description: Deploy the FAT32 application on a virtual machine (VM) that remains domain-joined.

    • Technical Details:

      • Users access the VM through Remote Desktop or similar solutions, ensuring the application functions as it would in an on-prem domain-joined environment.

      • Implementation Steps:

        1. Set up a VM in the on-premises environment or in Azure.

        2. Install and configure the SynMain client on the VM.

        3. Provide users with remote access credentials and instructions.

  4. Azure AD Domain Services (AAD DS)

    • Description: Use Azure AD Domain Services to provide managed domain services in Azure.

    • Technical Details:

      • Provides Kerberos and NTLM authentication, domain join, and Group Policy support.

      • Implementation Steps:

        1. Enable Azure AD Domain Services in the Azure portal.

        2. Configure the necessary network settings and synchronize with Azure AD.

        3. Join devices to the managed domain and configure the SynMain client.
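
To confirm which join state a device is in before and after applying one of the options above, the output of dsregcmd /status can be classified as shown here. This is an added example, not Synergetic or Microsoft code; the function name Get-JoinState is hypothetical and the sample lines are constructed.

```powershell
# Added example: classify a device's join state from the text that
# `dsregcmd /status` prints, and note whether klist shows a krbtgt ticket.
function Get-JoinState {
    param(
        [string[]]$StatusLines = @(),   # lines of dsregcmd /status output
        [string[]]$KlistLines  = @()    # optional: lines of klist output
    )
    # Collect the "Key : Value" pairs; banner and separator lines do not match.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    if ($aad -and $domain) { $state = 'Hybrid Azure AD joined' }
    elseif ($aad)          { $state = 'Azure AD joined only' }
    elseif ($domain)       { $state = 'Domain joined only' }
    else                   { $state = 'Not joined' }

    [pscustomobject]@{
        State         = $state
        DomainName    = $fields['DomainName']
        # Per this page, SynMain needs Kerberos against a domain controller,
        # so a device that is not domain joined is the failing case.
        DomainJoined  = $domain
        # True when the supplied klist output lists a krbtgt ticket.
        KrbtgtPresent = [bool]($KlistLines -match 'krbtgt/')
    }
}

# Constructed sample: an Azure AD-joined device with no domain membership.
$sample = @(
    '| Device State                              |',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO'
)
Get-JoinState -StatusLines $sample

# On a real device, feed it the live command output:
# Get-JoinState -StatusLines (dsregcmd /status) -KlistLines (klist)
```
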

By implementing one of these solutions, you can ensure that the Synergetic Windows client (SynMain) continues to function as expected while leveraging the benefits of Azure AD and cloud services. If you need further assistance with any of these steps, please raise a new case through the help portal.

Troubleshooting

TBC