Microsoft Active Directory® is the premier directory services solution today. With over 15 years of history and development behind it, Microsoft has a monopoly on the directory services market. However, with the advent of the cloud, IT admins and organizations around the world are rethinking their identity and access management strategies. A core part of that equation is the cost of running Active Directory.
Microsoft AD used to live in an IT environment where virtually everything was Microsoft driven. The desktops and laptops, the servers, and the applications were all running Windows. A homogeneous environment made it easy to leverage AD as the directory store and access control management platform. With Google introducing Google Apps (now known as G Suite) with corporate Gmail, one of the pillars of Microsoft’s platform, Exchange, was under attack. Many organizations moved their email to the cloud. Soon after, Amazon Web Services’ introduction of Infrastructure-as-a-Service drove the data center to the cloud as well. Mix in the long list of highly competitive web applications and Microsoft’s stronghold on IT environment is starting to erode. In fact, only one in five devices is now Microsoft Windows-based (Forbes).
Because of these fundamental shifts in the IT marketplace, admins are re-evaluating their plans around directory services or their core identity provider. A directory, after all, is meant to connect an organization’s users to all of the IT resources they need. With more resources out of AD’s purview, the question becomes, “What is the value of AD? And furthermore, what are the costs and benefits of running Active Directory in a modern IT environment?” When thinking about a replacement, it’s important to keep the following hidden costs of running Microsoft Active Directory in mind.
Four Hidden Costs of Running Microsoft Active Directory:
- Management time – AD is known to be a handful to manage and operate. Even small organizations hire admins to directly manage and care for Microsoft Active Directory. It is easy to forget about the constant upkeep with patches and upgrades, configuration settings, and time spent with support. AD is an enormous piece of software with tremendous amounts of functionality. Many IT admins have made AD their career’s work and they still can struggle with AD.
- Add-on solutions – because AD is so focused on Windows and on-premise IT resources, IT organizations often have to purchase additional solutions to manage the rest of their IT resources. These add-on solutions can include directory ‘extensions’ which focus on Linux and Mac operating system devices and hardware located elsewhere. Web application SSO solutions focus on integrating the new generation of SaaS-based web applications with Active Directory. Security conscious organizations add on multi-factor authentication solutions as well. Some will add on reporting and analytics or even compliance solutions. All of these solutions add to the cost of running Active Directory.
- End user identity management self-service – with Active Directory, admins are in the middle of managing a wide range of items for users. From the initial provisioning to resetting passwords when something fails or expires, IT admins are often interrupted to keep their users functioning. It’s expensive having IT admins play the middle man between the end users to access to the resources those users need. End user self-service is an ideal choice, but AD lacks these key capabilities, so the burden and cost falls to the IT admin.
- Operational infrastructure – authentication services are a 100% uptime IT category. Any downtime means that users cannot access their IT resources slowing the pace and production of the business. Directory services are as close to a mission critical part of the IT infrastructure as anything. As a result, IT admins are forced to create backup plans and ensure redundancy, at a cost.
Running Active Directory has been the historically prudent thing to do. With Windows as the base of an IT network, AD made a lot of sense. As that base shifts to a multi-platform, multi-protocol, and multi-location infrastructure, the question becomes, “Is Active Directory the right long-term solution?” When IT admins are facing this question, one critical aspect that they will factor in is the costs. The four hidden costs of running Microsoft Active Directory that we’ve outlined above are just a part of the overall discussion of costs of running AD for directory services.