What is AD DS? – (Active Directory Domain Services)

Written by Zach DeMeyer on January 5, 2019

Share This Article

The IT industry is full of initialisms: CPU, FDE, HTTPS, VLAN, IAM. The list is so extensive; it’s often hard to keep track. So it’s understandable if you’re asking the question: what is AD DS? AD DS is an acronym for Microsoft’s Active Directory Domain Services.

Essentially, AD DS is the umbrella solution of Active Directory. In order to understand what AD DS is today, however, we need to step back and understand the history of the identity and access management (IAM) space.

The History of IAM

2D image of a clock

The modern IAM space was largely kicked off with the introduction of the LDAP protocol. LDAP would then serve as the basis for two major directory services solutions: Microsoft Active Directory (AD) and OpenLDAP™, among many other smaller solutions. AD would go on to become the commercial market share leader, while OpenLDAP would lead the open source space. Both solutions became widely regarded as the bread-and-butter identity providers (IdP) for organizations worldwide.

The concept behind the identity provider was to create a central user and data store for an organization. User accounts would be stored within the IdP along with IT resource information.

These two sets of objects would then be interrelated to connect users to the IT resources they needed. These resources, such as systems, applications, networks, and more, would each be tied directly to the user identities that needed them, as well as limited by the privileges of that specific user’s role.

In the case of Active Directory Domain Services, this was done for largely Windows networks and resources. Because the average IT network at the time was virtually all Windows-based, AD DS made a great deal of sense. A user could login to their machine and the domain controller (AD DS) would enable access to whatever the user needed and was authorized to.

Struggles of AD DS in Modern IAM

Is there an Active Directory for Mac?

While it was at the top of the domain controller market, AD DS started to struggle in the face of a changing IT world. The challenge with the Active Directory approach to directory services didn’t really emerge until the IT network started to shift cloudward.

As IT admins found AWS®, G Suite™, macOS® and Linux® machines, web applications, cost-effective SAN/NAS equipment like Samba file servers, and WiFi, they realized the concept of Active Directory Domain Services was starting to break down.

As aforementioned, AD DS was primarily a Windows-based, on-prem domain controller. Not only were the majority of these services offered on non-Windows platforms, but their cloud-forward status presented a major challenge to organizations grounded on-prem with AD DS.

Some vendors capitalized on this growing rift in the IAM space. Offering new tools, called Identity-as-a-Service (IDaaS) solutions, these developers created ways for IT organizations to try to modernize their now legacy AD DS IAM approach. Some of the more popular of these IDaaS solutions include single sign-on (SSO) tools for web applications, identity bridges to support multiple OSs, MFA software, and more. Cost-conscious IT admins, however, soon became weary of this siloed IAM style. Juggling a slew of IDaaS add-ons on top of their on-prem AD instance started to become more of a hassle than a help.

Replacing AD DS with Directory-as-a-Service

Replacing Active Directory

A new generation of IDaaS is emerging to replace AD DS. Unlike legacy attempts at modern IAM, the serverless directory service is third-party, cloud-based, and can control disparate IT environments from one web-based solution. This Directory-as-a-Service® takes the benefits of Active Directory and leverages those abilities in a way that any organization will benefit from, no matter their choice of platform, protocol, provider, or even location.

Available from JumpCloud®, Directory-as-a-Service is the future of identity and access management. Whether your organization is heterogeneous, single OS, or even an MSP, Directory-as-a-Service may be ideally suited to be your AD DS replacement. To find out more, contact us or check out our YouTube channel. You can try JumpCloud absolutely free today, with ten users included in your platform forever.

Continue Learning with our Newsletter