Well, that all depends upon what your definition of a domain controller is! The Microsoft definition of a domain controller is a server that allows a user to authenticate into a “domain” which is a collection of devices and services grouped together. Effectively, you would login to the domain to receive services such as print and file sharing. You would also have access to any other services that were connected to the domain. In a sense, the domain was the equivalent to modern day single sign-on except for services effectively within your network, on-premises. It’s interesting to explore its role in a cloud-based directory era.
Domains were introduced under Windows NT and subsequently became a core part of the back-office suite from Microsoft which also included Active Directory and Exchange. The benefit of domains was that you created a security model where you could give your employees access to critical internal resources and the IT admin staff could access those devices for support and troubleshooting.
In the cloud era, is the domain interesting anymore? There are a number of factors that are changing the relevance of creating and managing domains:
As more organizations move to WiFi and WiFi-enabled services such as printing and copying, the need to join the domain decreases. While many organizations have other reasons to join the domain, but for those that focus on file sharing and printing, the domain is becoming less relevant. Users are joining a WiFi network and that network has access to various services. Of course, joining a WiFi network in most cases is not a unique login, but a shared login. However, that shared login does provide some services to users – for example, printing capabilities. For some organizations that method of creating “network segregation” may suffice. Note that modern RADIUS-as-a-Service platforms are providing unique WiFi authentication while still giving access to shared services.
Move to cloud email and file sharing
If an organization has moved many of their on-premise core services such as email and file sharing to the cloud, there is less need for a domain. Access is granted to the cloud-based email (such as Gmail) and/or to cloud file sharing (such as Dropbox) and users may not have a need to login to a local ‘domain’ where there are no services anymore. If there are custom applications on-prem that are connected to authenticate via the domain, then it may make less sense to move away from the domain controller (unless, of course, you are leveraging another authentication directory / mechanism such as LDAP, rather than AD).
Declining Windows use
As the number of Windows devices decreases (now only one out of five devices) within an organization, the concept of the domain decreases in value. Domains have traditionally been valuable to Microsoft devices. While you can connect Macs and other devices to the domain, there is little value in doing so. While it may not be a single login to access all services, Macs and Linux devices can authenticate directly to many services via LDAP, obviating the need for the domain.
Adoption of Directory-as-a-Service® (DaaS)
As we see organizations adopt a cloud-based directory model, such as JumpCloud, the need for domains may be completely supplanted. Directory-as-a-Service solutions can authenticate users regardless of where they are and what network they are on to the services that they have access to. This trend dovetails nicely with the move away from any infrastructure on premise such as the adoption of solutions such as Google Apps supplanting Exchange and similar email solutions. DaaS provides a cloud-based central and secure directory for authentication, authorization, and management of users and devices. The authentication of users and devices is a critical component when thinking about how you can potentially replace the functionality of your domain controller – or, do without it. This Identity-as-a-Service platform ends up providing True Single Sign-On™ capabilities through centralized user management, hosted LDAP, WiFi authentication, LDAP- and SAML-based application access, multi-factor authentication, device management, and more.
Learn More About Our Cloud-Based Directory
As the trend towards increased cloud utilization and fewer Windows devices continues, admins will start to question the value of the domain. Add in innovative services like JumpCloud’s Directory-as-a-Service and you’ll be questioning why you need that domain controller. If you are thinking about how you can decrease on-prem software/hardware footprint and your domain controller/Active Directory server is a candidate to go – give us a call and we’d be happy to talk to you about alternatives.