Why Azure Active Directory Doesn’t Replace AD

Written by Rajat Bhargava on December 8, 2016


Many IT admins have been excited by the recent announcements from the Microsoft Azure Active Directory team about its cloud identity management platform. The excitement largely stems from the hope that IT admins will be able to replace Active Directory with a cloud directory service.

Unfortunately, however, this isn’t the case. Azure Active Directory doesn’t replace Active Directory.

The Truth about Azure Active Directory


In fact, a post on Spiceworks describes Microsoft’s strategy around cloud directory services in more detail.

Here’s some relevant text from the thread:

“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide exactly the same capabilities with AD. It actually provides many more capabilities in a different way.

“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU, etc.

“As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. Azure AD can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing your partners access to your resources. And it provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, multi-factor authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, leaked credentials report, and user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

“Even the recently announced Azure Active Directory Domain Services are not a usual DC-as-a-service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services but with no replication to any other on-premises or cloud (in a VM) domain controller.

“If you want to migrate your domain controllers in the cloud to use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

“So to conclude, if you would like to extend the reach of your identities to the cloud, you can start by synchronizing your Active Directory to Azure AD.”

Strengths and Limitations of Azure

Azure Active Directory really is a user management system for Azure. In fact, even its domain controller functionality (Azure Active Directory Domain Services), which many believed to be a precursor to a complete AD replacement, is little more than a domain controller for Azure virtual machines.

Azure AD and Active Directory tend not to be a good fit for organizations with mixed-platform environments, i.e., Macs, Linux machines, G Suite, Google Cloud, AWS, or any number of other non-Microsoft systems. The question then becomes: how can IT organizations eliminate Active Directory from their on-prem environment?

JumpCloud® Does Replace Active Directory


Modern IT organizations have been choosing Directory-as-a-Service® as a replacement for Active Directory. As an independent cloud-hosted directory service, JumpCloud’s identity provider connects user identities to the systems, applications, and networks they need to access, and those IT resources can be located in the cloud or on-prem.

If you would like to learn more about why Azure Active Directory doesn’t replace Active Directory, drop us a note. Also, if you need to replace Active Directory with a cloud-hosted directory service, take a look at our IDaaS platform. Finally, please be aware that your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
