Do I Really Need A Domain Controller?

By Greg Keller Posted April 1, 2019

AD DS

Do I really need a domain controller? That all depends on what your definition of one is. The Microsoft® definition of a domain controller is a server that allows a user to authenticate into a “domain,” which is a collection of devices and IT services grouped together. Effectively, you would log in to the domain to receive services such as access to the network, applications, printing, file sharing, and email. In a sense, the domain was the equivalent to modern day single sign-on (SSO). The exception, of course, being that those services were within your on-prem network rather than web applications. But, that’s hardly the way networks are comprised anymore.  

Domain Controller Back Story

Domains were introduced under Windows® NT and subsequently became a core part of the back-office suite from Microsoft, which also included Active Directory® (AD) and Exchange®. The benefit of the domain was that you created a security model where you could give your employees access to critical internal resources and the IT admin staff could manage those devices/applications for support and troubleshooting.

Effectively, IT resources were locked away behind a perimeter, and in order to access them, the user would have to be within that network and physically connected to it via an ethernet cable. Alternatively, users could VPN into the network. That’s not how most IT network environments want to operate, however. With the shift in IT networks, admins want to utilize the Zero Trust Security model, because they know that not all devices, users, and applications are to be trusted simply because they are logged in to the domain.

With the further push into the cloud era, is the domain even interesting anymore? There are a number of factors that are changing the relevance of creating and managing domains.

Factors Decreasing Domain Controller Efficacy

We have to remember the era that the domain was first created in for us to have a good idea about why it isn’t effective now. Simply put, the scenarios that exist today are vastly different than those of the late 90s and early 2000s when the domain was the central aspect of most IT networks. Here are five key reasons why the domain of yesterday is lost in today’s IT environments.

Less Windows-Centric Environments

The systems that you would find on networks during the late 90s and early 2000s would largely be Windows systems. But, with the influx of macOS® and Linux®-based systems, Active Directory and the domain controller have a much more difficult time managing those systems without cumbersome add-ons that require both monetary and time expenditures. With difficulty in joining non-Windows systems to a domain, many are leaving the domain behind altogether.

Increasing Cloud Infrastructure Usage

Companies are taking advantage of cloud infrastructure like Amazon Web Services® (AWS®), GCE, and Digital Ocean because of the overhead it eliminates from their operations. But, like Mac and Linux machines, these services exist outside of the scope of the domain controller. And, with cloud infrastructure usage comprising such a large portion of some workers’ day-to-day work, the concept of the domain begins to make less sense.

Web-Based Applications

Long gone are the days of needing to install programs via disc. Now, users are getting a great deal of their work done on web applications like Office 365™ and Salesforce® housed in a browser window. So, the reliance on locally installed programs has lessened. The problem is, there are a number of different ways to connect SaaS identities to AD and the domain controller. That means IT admins are required to research, implement, and configure the right SSO solution, or Azure AD plus Azure AD Connect, and ensure that it is compatible with how their IT environment is constructed now and into the future. On the other hand, with some companies working completely from the cloud, many of them have decided to forgo using a directory altogether.

WiFi, New File Server Solutions

Nowadays, you don’t even really need to be on a domain in order to leverage some of the tooling that used to be made available by one. You can now connect to printers and send them documents as long as you’re on the right network. Another key feature of the domain was file sharing. But, with so many companies utilizing cloud file servers like G Drive™, Box™, and Dropbox™ as well as NAS and Samba devices there is much less need to configure your own traditional on-prem file server solution. Ultimately, this marks another strike against the domain.

Adoption of Directory-as-a-Service® (DaaS)

Now, more organizations are looking to adopt a cloud-based directory model, such as the one JumpCloud® has created with Directory-as-a-Service. With that shift, the need for domains may be completely supplanted. Directory-as-a-Service can authenticate users regardless of where they are and what network they are currently using to the services they have explicitly been granted access to. This trend towards cloud-based directory services coincides nicely with the shift away from infrastructure on-prem. For example, the adoption of G Suite™ to take the place of a number of on-prem productivity solutions like Exchange, Office™, and Excel™.

DaaS provides a centralized, cloud-based, and secure directory for authentication, authorization, and management of users and systems. The authentication of users and devices is a critical component when thinking about how you can potentially replace the functionality of your domain controller—or simply, to do without it. And like those early days of the domain, with SSO-like capabilities, JumpCloud provides True Single Sign-On™ via centralized user management, LDAP-as-a-Service, WiFi authentication through RADIUS, multi-factor authentication (MFA), system management with GPO-like Policies, SSO to legacy and web applications via LDAP and SAML, SSH key management, and much more.

Learn More About Cloud-Based Directory Services from JumpCloud

With the cloud era in full effect and fewer organizations utilizing Windows systems, admins are wondering if they even need a domain in today’s modern IT environments. For those organizations looking to make a shift, sign up today for a JumpCloud account. It’s free and it enables you to manage up to 10 users with the full version of the product. Once you’ve signed up, take a look at our Knowledge Base for information on how to get the most out of your account. And, if the concept of going domainless is causing you to have some reservations, feel free to contact us today to talk over your options.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts