In Active Directory, Blog

IT admins from all across the world tell us every day that their organization wants to move away from Microsoft Active Directory. There are several reasons for IT admins to migrate away from Active Directory, including those below:

         Microsoft Windows is a small part of their network now

         Control over cloud infrastructure and applications is more important nowadays than control over Windows devices

         Apple Macs are their dominant platform

         Cost is too high and their company resources are growing rapidly

         They’re moving toward the cloud versus on-premise infrastructure

What’s more, there are many other reasons that are specific to each organization. For example, some IT admins haven’t grown up with Microsoft Windows software as their primary operating system. Rather, they are products of the Apple and Google Apps era. Whatever the reasons to migrate away from Active Directory, all IT admins face the same challenges when thinking about the migration: change is hard to accept for many among the company. If Active Directory has been within the organization for a long period of time, its removal can spark some angst around the unknown.

5 Challenges IT Admins Face When Migrating Away from Active Directory

Just as there are plenty of reasons to migrate away from Activity Directory, there are several challenges IT admins face when removing Active Directory. Here’s a list of the top 5 challenges we often hear about and how you and your organization can address them:

1. GPOs

Group Policy Objects were a core part of the rise of Active Directory. GPOs gave IT admins unprecedented levels of control over devices. Admins could execute registry setting changes, update files, install software, and do much more. GPOs provided a scripting language to create custom tasks that could be executed on a fleet of Windows devices. Most directory services miss this critical part. OpenLDAP, for instance, can handle authentication but does not offer device management. So, too, do other directories. IT admins must have the capability to remotely execute tasks on Windows machines. A GPO replacement is mandatory when migrating away from Active Directory.

2. User Migration

No IT admin is going to manually input hundreds or thousands of users into a new directory. There needs to be an automated process to import users in with their groups, attributes, and other characteristics. Some IT admins want to see this synching process happen over time, in order to see that the sync works as they update Active Directory. This allows them to trust that the new directory is in sync with what they are doing in AD. Cutting off a directory overnight is risky. It is more likely that IT admins will run two directory services in parallel to ensure that all services are operational. They will cut over various applications and devices to the new directory service only after they are confident that the new directory has all of the users and it is operating smoothly.

3. On-premises resources (e.g. fileshares, applications)

Microsoft Active Directory connected Windows machines to a variety of different on-premises services, from Windows file servers to applications. If the organization is going to maintain their on-premises services, then a new directory must connect to them. In some cases, this becomes difficult because of Microsoft’s version of Kerberos. IT admins should test their on-premises applications and file servers with any new directory service to make sure that everything operates as intended.

4. Office 365

Many organizations are migrating to Office 365. It is a path to rid themselves of the on-premises Microsoft Exchange server among other capabilities. If an organization is heading that route, then moving away from Active Directory will entail connecting O365 to either a directory service or a single sign-on solution. As more organizations shift to O365 (or even Google Apps), the shift  introduces a natural point at which to re-evaluate whether Active Directory  is the right choice moving forward. If your core productivity applications are moving to the cloud and you are reducing your on-premises footprint, then hanging on to Active Directory is hanging on to a bit of the past. A cloud-based directory service will likely be a better answer for those that are moving more of their infrastructure to the cloud.

5. WiFi access

Smart IT admins have connected their WiFi network to Active Directory. That levels up security significantly, because it not only requires the SSID and passphrase but also the user’s credentials. As you move away from Active Directory, you’ll want to ensure that your new directory services provider can integrate with your on-premises WiFi infrastructure through RADIUS or LDAP. An option for IT admins is RADIUS-as-a-Service which not only connects modern directory services to wireless access points but also runs the RADIUS infrastructure for the IT organization. RADIUS is notoriously difficult to configure and maintain, so an organization can leverage a modern ‘as-a-service’ solution in combination with a new directory service.

Directory-as-a-Service: Making the Migration Easier

As the cloud continues to gain more momentum and Windows continues its market share slide, it is inevitable that organizations will rethink whether Active Directory is right for them or not. If Active Directory has been in place for many years, IT admins will rightfully have a number of concerns about moving to a more modern directory service solution — and they’ll face a number of internal challenges when migrating away from Active Directory. However, there are a number of new innovative solutions to the problem that will make migration easier, including Directory-as-a-Service. Migrating away from Active Directory is a significant decision for any organization. IT admins must thoroughly test any new directory service to ensure that their specific needs are met, before they invest in the solution.

Try JumpCloud’s Directory-as-a-Service for free.

 

Recent Posts