By Jon Griffin Posted June 8, 2017
Replacing Active Directory®. Is that really possible?
We know. We’ve heard it all before. Microsoft Active Directory has been the only game in town for directory services for almost two decades. It is the highest-market-share product that Microsoft makes. It is core to their strategy of locking organizations in to the Windows platform. In fact, many IT admins can’t name another directory solution outside of AD and LDAP.
So, is it really possible to break up with Microsoft Active Directory? Can you really go on your own and still centrally manage users and devices without AD? You can, and you will. We’ll show you how. This article is the 411 on breaking up with AD.
Is Active Directory the Right Solution for You?
Let’s start with whether Active Directory is right for you or not. If you are an all-Microsoft shop, and most of your environment is physically on-prem or in facilities that you control, then we’d say that Microsoft Active Directory is perfect for you. If you are thinking about the cloud, and what that means to you is Microsoft Azure, then that too is a decent setup for AD.
But, if you’re one of the millions of organizations that is moving to the cloud, has Mac or Linux devices, leverages AWS, and isn’t interested in being locked in to Microsoft for the next two decades, then an alternative to Active Directory is critical to you. You see, Microsoft leverages AD to be your core user management system. By controlling users in AD, Microsoft then can decide who to let easily access that information. Of course, Windows systems and applications can easily authenticate and authorize user access as well. If you are using macOS, Linux, or non-Windows-based applications, well, then that becomes pretty tough. Using non-Windows platforms that are also not on-prem, now that’s even harder.
But, we aren’t telling you anything you don’t already know. If you’ve tried to connect non-Windows-based systems to AD, you’ve experienced the pain and likely thought to yourself that there has to be a better way. Fortunately, there is – it’s called Directory-as-a-Service®. As an independent, cloud-hosted directory service, it gives you an alternative to AD. But, the best part is that while DaaS becomes your central virtual identity provider, you aren’t saddled with the same baggage as AD.
Directory-as-a-Service vs. Active Directory
Here are some of the differences that you should be aware of:
- No domain – you don’t have the concept of a domain. That means that you don’t have to have anything on-prem. Your users will still have the same ability to log in to anything they need via the same credentials, but you don’t have to worry about a domain controller.
- Authentication happens locally, but is cloud controlled – under the Active Directory model, if your users lose touch with AD, then they are at risk of being shut out of the domain and consequently of their devices and applications. With Directory-as-a-Service, your device authentication happens locally, but it is controlled through the cloud. Updates are constantly pushed to the device, but if the device isn’t connected to the Internet, that’s ok – everything keeps functioning just fine.
- Policies – you can execute policies and commands on your devices similar to Group Policy Objects (GPOs) on Active Directory. The best part of this is that the policies are cross-platform. You don’t need to worry about being stuck controlling password policies, screensaver timeouts, guest accounts, etc. for just Windows. Now you can run GPO-like capabilities on your Mac and Linux machines as well.
Try DaaS for Yourself
For many IT admins, being steeped in the Active Directory world for a while makes the concept of a cloud-based directory service a little mind-bending. If you are open to a different approach, but one that reimagines Active Directory for a cloud-first world, you’ll be pleasantly surprised by how easy Directory-as-a-Service can make central user management. Drop us a note if you have any questions. Or better yet, give our SaaS directory service a try for yourself. Your first 10 users are free forever.