Can You Manage an AD User Entirely From the Cloud?

Written by Zach DeMeyer on March 23, 2020


Can you manage an Active Directory® (AD) user entirely from the cloud? The short answer is yes, although you may be surprised to find out how. Before we detail the long answer, let’s first talk about why this is a pressing question in the first place.

The Dominance of AD

Microsoft® Active Directory is the most widely deployed on-prem commercial directory service, and it has been a staple of identity management since it was introduced with Windows 2000 in 1999.

At that time, the average IT environment was fairly uniform. Many organizations were built on Microsoft’s on-prem Windows® infrastructure: Windows Server, the Windows desktop operating system, and Windows applications all played core roles in an employee’s daily work. As a Microsoft-centric directory service, AD naturally fit the identity management needs of most IT organizations of the day.

With its popularity, Active Directory set the bar for what a directory service should do. AD connected users to virtually all the IT resources in use at the time and unified each user’s identity into one set of credentials. The collection of users, computers, and resources it governs is the domain; the servers that host the directory database and answer authentication requests are the domain controllers. Through Group Policy, IT admins managed security settings on every domain-joined Windows system from a single console, and AD also gated access to internal network resources.

Cloud Difficulties

The rise of web 2.0 technology introduced many innovations that improved efficiency for end users and IT departments alike. Software and infrastructure were increasingly offered “as-a-Service” from the cloud. Meanwhile, Mac® and Linux® adoption surged. AD struggled to manage these new resources, and the most powerful identity platform in the IT environment became fractured.

In response, vendors in the identity management space created new solutions to help AD identities bridge the gap to cloud resources. These add-on solutions filled the holes that the cloud had opened in AD’s domain. Many of them were themselves offered from the cloud as-a-Service, so IT admins could use them from a web browser whether they were in the office or not. That on-demand convenience ultimately led admins to ask whether AD itself could be managed remotely from the cloud.

Managing AD Users from the Cloud

As a directory service, AD’s primary function is managing users and their access to mostly Windows-based resources. With cloud services, wireless networks, and remote work now the norm, an admin can’t always be on site or on the corporate network to reach a domain controller, and domain controllers should never be exposed directly to the internet to make that easier. Additionally, with the rise of managed services, MSPs need to manage their clients’ AD users remotely and efficiently. So what options exist for managing AD users from the cloud?

Can you use Azure AD to manage AD users?

Many assume that Microsoft’s Azure® Active Directory is the cloud-based successor to on-prem AD. It is not. Azure AD is primarily the identity store for Azure and Office 365™ users, and its relationship with on-prem Active Directory is largely one-directional. IT organizations can use Azure AD Connect to synchronize users, groups, and (optionally) password hashes from their on-prem forest up to Azure AD, but on-prem AD remains the authoritative source. Apart from a few writeback features (password writeback for self-service password reset, for example), changes made in the Azure portal do not flow back into on-prem AD, and you cannot create, modify, or disable an on-prem AD user from it. So, for organizations looking to manage an AD user entirely from the cloud, Azure AD won’t make the cut.

Is there another option?

What IT organizations need to fully manage AD users from the cloud is a cloud directory service, aka Directory-as-a-Service® (DaaS). A cloud directory service reimagines on-prem Active Directory for the modern era, providing the same consolidated identity management as AD, except across virtually all modern IT resources. As such, it can be the ultimate solution to connect AD users to the resources they need but that AD struggles to handle.

For organizations deeply invested in AD infrastructure, Directory-as-a-Service offers a solution that federates an on-prem AD identity to cloud and non-Windows resources. This service is called AD Integration.

AD Integration: Full AD User Lifecycle Management from the Cloud

JumpCloud®’s AD Integration manages AD users from their creation all the way to their offboarding, entirely from the cloud. With AD Integration, IT organizations use a remote console to fully manage their AD user base, including password sync, group management, and user state changes, so they can control their AD domain from anywhere. As with any tool that writes to AD remotely, the account or agent that carries out those changes holds write access to the directory and should be protected and audited like any other privileged AD credential.

Additionally, because AD Integration is backed by the power of a modern directory service, it federates AD identities to non-Windows and cloud-based resources with ease. With AD Integration, organizations can fully manage their users’ authoritative AD identity from the cloud. You can learn more about how AD Integration provides value in our whitepaper.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
