问题描述

  Azure堆栈8节点服务器 

 Azure stack 8 node servers 

Azure AD并处于连接模式（付费使用）

Azure AD and in connected mode (Pay as a use)

多租户（其他公司将订购他们的产品，计划和租户） 

Multi tenants (other companies will subscribed with their offering, plans and tenants) 

问题

1）租户A（订户）如何将自己的本地活动目录与Azure堆栈租户集成。客户希望在azure堆栈租户（使用IAAS或PAAS服务）中部署Web应用程序，并且他希望其本地活动目录
用户将近300名用户将能够使用其本地活动目录林访问该应用程序（部署在本地数据中心）。租户管理员不想同步。所有军团。 Azure Active Directory的本地用户（由于某些投诉
问题） 

1) How does a Tenant A ( a subscriber) integrate  its own local active directory with Azure stack tenant . The customer wants to deploy a web applications in azure stack tenant (using the IAAS OR PAAS Services)  and he wants its local active directory users almost 300 users will able to access that application using their local active directory forest ( deployed in On-premises datacenter). Tenant A administrator does not want to sync. all corps. local users to Azure Active directory (due to some complaint issues) 

2）不同的租户可以在Azure堆栈中创建站点到站点VPN（如租户A想要的建立一个S2S VPN，以便他可以将其本地Active目录扩展到Azure堆栈租户IAAS服务器） 

2) Can different tenants create a site to site VPN in Azure stack ( like tenant A wants to establish a S2S VPN so that he can extend its on-premises Active directory to Azure stack tenant IAAS Server ) 

推荐答案

对于Active Directory问题，如果客户不希望与AzureAD同步，则与现有AD基础结构集成的最佳/安全方法是将ADFS端点公开给Azure Stack应用程序可访问的网络并使用身份验证
像ws-fed，oAuth或open-id这样的协议连接来验证用户。

For the Active Directory question, the best/secure way to integrate with an existing AD infrastructure if the customer does not want to sync with AzureAD, is to expose an ADFS endpoint to a network accessible by the Azure Stack application and using authentication protocols like ws-fed, oAuth or open-id connect to authenticate users.

希望有所帮助！

-

Shri

这篇关于将On-Premises Active目录与Azure Stack租户集成的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！