6 Reasons Active Directory Isn’t Working Any More

Written by Greg Keller on June 8, 2016


Microsoft Active Directory used to be a slam dunk for enterprises.

But a lot has changed since AD came on the scene in 2000. Now, for some IT departments, Active Directory simply isn’t working that well any more. Startups and established enterprises are now considering what was once unthinkable: using a directory other than Microsoft AD.

Many have jumped ship already – and the reports are good.

We’ll explain how AD alternatives can work at the bottom of this page, but first here are six factors that are driving enterprises away from Microsoft Active Directory.

1. The Rise of The Macs (and Linux)

15 years ago, Macs were a rare sight to behold in an office setting. By 2012, about half of US businesses were issuing Macs to at least some employees and ⅕ of information workers were using Macs.

By 2014, 71% of businesses supported Macs – and rising.

The shift appears to be driven by the simple fact that users prefer Macs. 73% of IT administrators who support Macs identified “user preference” as a reason for making the move; 40% cited “applications that only run on Macs” [Dimensional Research, 2014].

Note: IT doesn’t actually find Macs easier to support. 40% of respondents said that Apple machines are more difficult to manage and only 8% said that all of their required apps work well with Macs.

If you want help on this topic, check out our guide to Mac Management for Enterprise.

The other rising player in enterprise computing is Linux, which is sitting at about 10% market share. Companies like Google, Facebook, and BMW use Linux, largely to take advantage of its customizability.

Why heterogeneous device environments prevent Active Directory from working well:

Microsoft Active Directory has been designed from the ground up to be compatible with Windows devices. When it comes to managing Mac and Linux devices, AD is clumsy.

2. Google Apps for Work (and all the other Apps for Work)

Microsoft’s enterprise empire was built with its Exchange email platform as a major pillar. Today, the majority of mid-sized companies host their email with Gmail.

Microsoft once could rely on its Office productivity suite (Word, Excel, PowerPoint, etc.) as the de facto standard for organizations around the world. Today, G Suite™ is leading the charge of cloud-based productivity apps with millions of businesses on board.

This is, of course, in addition to a wellspring of other cloud-based business apps, like Salesforce, Hootsuite, Slack, and on and on and on.

Why enterprise apps prevent Active Directory from working well:

The thing about these apps is that they’re hosted on the cloud, which means they’re not hosted on Windows machines or servers on-premises. Active Directory simply isn’t built to manage a plethora of cloud-based apps developed by a cohort of different third parties.

3. AWS and Infrastructure-as-a-Service (IaaS)

If you think managing apps from the cloud with AD is hard, try managing entire infrastructures.

That would have been unthinkable when Amazon first launched its S3 web service in 2006. But that’s exactly what more and more organizations are staring down as Amazon Web Services (AWS) continues to expand its reach: one million enterprise customers and growing at a rate of 81% per year (TechCrunch, 2014).

Why AWS and IaaS prevent Active Directory from working well:

Enterprises run into the same problem with AWS and other IaaS that they run into with Active Directory and cloud-based apps. Microsoft AD simply wasn’t designed to manage, authenticate, and authorize access to cloud-based infrastructure.

The result is that even while AWS and IaaS provide immense productivity benefits (and cost savings) for businesses, managing them with AD is an immense headache.

4. Add-On Overload!

IT administrators who are struggling with AD’s shortcomings have been forced to look to third-party solutions to supplement AD. These add-on solutions are kind of like renovating a single bedroom home to sleep a family of six – it might work, but it’s going to get complicated.

Some examples of add-ons include directory “extensions,” which seek to extend AD to Linux systems, Macs, or to remotely located hardware.

AD add-ons also exist that try to address problems with cloud applications and SaaS. There are others that look to bolster AD’s flagging security through Multi-Factor Authentication (MFA).

Why AD Add-Ons prevent Active Directory from working well:

These directory add-ons are designed to improve AD’s functionality and, for the most part, they do. But there’s inevitably more room for error when you start adding additional moving parts. And when something does go wrong, troubleshooting is now a ten-step process.

Many IT admins who talk with us are getting fed up with amending AD and making their directory more complicated. They want to have a single, elegant directory solution that they don’t have to add various extensions to in order for it to be fully functional.

5. Keeping Up with Uptime

Most organizations need their authentication services to be running 100% of the time. When the directory goes down, users and customers can’t access what they need when they need it – and bad things happen.

This of course means that IT departments using Microsoft AD need to develop and maintain the organizational infrastructure to keep AD running in the event of a contingency. Oftentimes this means working redundancies into the system as safeguards (even though they’re, well, redundant).

Why the need for uptime prevents Active Directory from working well:

This isn’t so much AD’s problem as a problem with maintaining your own server on your premises. It’s a huge undertaking to ensure 100% uptime with your directory and we think that most managers don’t really think about that when they buy the servers (which is why we consider ensuring uptime to be one of the big hidden costs of running Active Directory).

Of course, organizations conventionally haven’t had any choice but to run their own directory. It’s only in the last few years that legitimate Active Directory alternatives have come to the market. Directories based on the SaaS model can eliminate any need to worry about uptime internally by outsourcing that to a business that specializes in it.

6. Unnecessarily Time-Consuming for IT

If you’re an IT admin who uses Active Directory, then you know all about the plethora of tasks that are asked of you day after day. From password resets to routine maintenance, from patches and upgrades to configuration settings… everything falls on the IT admin’s shoulders.

That’s the way it has to be though, right?

Not entirely. Directories exist today that allow users to self-service for a variety of tasks, including password resets. But AD currently doesn’t support this functionality.

Why being so time-consuming prevents Active Directory from working well:

Nobody who has worked in IT will be surprised to learn that the majority of IT admins who responded to a 2014 GFI survey agreed that finding the time to do their job is their biggest challenge.

IT departments need all the time-saving help they can get and Active Directory doesn’t do them any favors. Again, cloud-based directories offer alternatives for companies who want to save money on payroll (and save the sanity of their existing IT staff).

“I’m sorry Active Directory, but this just isn’t working any more.”

That’s what more and more IT admins are saying to their long-term relationship with Microsoft AD. It’s not really anyone’s fault. It’s just that people (and information technologies) change.

Active Directory just hasn’t done a good enough job of changing with the times.

Since 2000, we’ve gone from a monolithic office environment with Windows at the center, to a multi-platform, multi-protocol, and multi-location infrastructure. The new way of doing business is better, faster, and more diverse… but also much more difficult for AD to manage.

The Directory of the Future is on the Cloud

The only way to deal with today’s cloud-based infrastructure is with a cloud-based directory. A quality cloud directory (or Directory-as-a-Service) is natively designed to deal with SaaS apps, virtual machines, AWS, and can even use your Google identities as core directory identities.

In addition to better functionality, there are also significant savings benefits – both money and time. DaaS is a directory run by someone else’s experts that you never have to buy or manage. It’s both cheaper and better than AD.

But what if you’re married to Active Directory? (No, not actually married, but in a position where you’re so entrenched with your existing infrastructure that you don’t want to even think of making the switch altogether). Luckily, there are options for extending Active Directory to cloud servers that are highly functional.

Ultimately, the right cure for your Active Directory woes depends a great deal on what type of company you are and what resources you implement. If you’re interested in getting more specialized advice, you’ve come to the right place (we’re kind of experts). You can ask the JumpCloud team about your directory needs here.

Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.
