By George Lattimore Posted March 28, 2019
For many years, no one questioned when to use Active Directory®. Since it was effectively the only game in town, everybody just assumed they would use AD as their directory service and domain controller. Now, however, with a changing IT landscape, it isn’t so cut and dried when to use AD and when not to. Add in the complication of Microsoft®’s other “AD” solutions, such as Azure® Active Directory, and the decisions have only gotten harder. In this article, we’ll try to simplify the approach to identity and access management for modern organizations.
Out to Sea with Active Directory
Before we dive into the specifics of when to use AD and when not to, it is helpful to step back and understand the overall context of IT networks and identity management. Having an accurate perspective on how IT has changed will help inform your decision in the identity and access management space. Traditionally, as you probably know, IT networks were on-prem and Windows-based. This setup made it easy for a Microsoft solution (AD) to be the control point for user access to domain resources and a Windows system management platform.
As the network started to shift away from on-prem and Windows to cloud infrastructure like AWS®, productivity solutions like G Suite™ and Office 365®, web applications such as Salesforce®, Slack, and GitHub, Samba file servers, NAS appliances, cloud storage solutions such as Box™ and G Drive™, and WiFi networks, the traditional approach with Active Directory started to take on water. It simply wasn’t built to carry the weight of all these non-Windows® resources and needed extensive modifications / additions to keep the ship from sinking.
Patching the Server Sails
To keep moving forward with AD as their base, IT admins started to search for add-on solutions such as identity bridges, web application single sign-on platforms, privileged identity management solutions, MFA/2FA tools, and much more. In other words, instead of a new ship with a new directory service solution at its core, IT admins were adding more and more sails to help catch the wind and keep up with the changing times. These short-term solutions not only added cost, but also brought a great deal of complexity to the management approach for identities, security, and systems. They simply weren’t playing well together anymore, and eventually, the old ship had too many sails to adjust efficiently.
For IT admins at modern, cloud-forward organizations, this opportunity encouraged a re-evaluation of the legacy identity provider. A new approach was sought to simplify the management complexity and get back to the basics of what Active Directory did well to begin with: secure user access to resources and enable employees to get more work done.
Boarding a New Ship, Cloud-bound
So, when should Active Directory be used? When it makes the most sense to stay on-prem and anchored down with Windows. For those organizations looking to move cross-platform and reduce management overhead and costs, the good news is that a next-generation cloud identity management solution has recently emerged as a reimagination of Active Directory for the modern cloud era. This AD replacement is called Directory-as-a-Service®, and it integrates the disparate IT components that have become standard within organizations. From the cloud, for the cloud, this independent, all-inclusive solution comes with no strings attached or add-ons required. Everything from cross-platform system management to privileged user access is centralized and streamlined again.
If you’d like to understand more about when to use Active Directory, or how Directory-as-a-Service can help move your organization cloud-forward, send us a note. One of our product experts will follow up with you shortly. If you’d rather see the platform for yourself and explore the functionality, getting started with your first 10 users is completely free. No time constraints. No credit cards. All the features.