So you’ve made the decision to replace Microsoft Active Directory.
Now comes the process of actually making it happen.
Often, IT admins are afraid of the steps to remove AD from the network. There is the fear of the unknown. What if there is some consequence that wasn’t anticipated? The results could be serious. Directory services are the core of any network infrastructure and perhaps the most important component of IT outside of the network itself.
So, the question quickly moves from why replace Active Directory to how to replace Active Directory – securely and effectively. Still, before we dive into the steps of migrating from Active Directory, let’s walk through the reasons to make the shift.
Reasons to Replace Active Directory
Identity management has been at the core of organizations for the last two decades. Microsoft Active Directory has been the commercial identity and access management solution of choice. AD works well with Windows and when the IT resources it manages – users, systems, applications, and networks – are on-prem.
As organizations have shifted to the cloud, Active Directory is no longer as helpful as before. In fact, with the move to macOS, Linux, AWS, Google Apps, Office 365, and more, a cloud-hosted directory services solution is needed.
Alternatives to AD
Directory-as-a-Service® has become the most popular choice as an alternative to Active Directory. As a unified cloud directory, it is delivered as a service and is independent. That means that IT gets to choose which IT platforms are best for their organization, and they offload the heavy lifting of managing an identity management solution.
As IT organizations think about migrating away from Active Directory, the cloud directory platform has a built-in process to seamlessly replace Active Directory.
How to Replace Active Directory in Five Steps using JumpCloud
The process for migrating from Active Directory to Directory-as-a-Service is laid out below:
#1 Sign Up for Directory-as-a-Service –
Sign up for the Identity-as-a-Service platform. 10 users are free. If you need to test with more users, ask for the JumpStart program, and for a limited amount of time you can use the service with an unlimited number of users. See our Getting Started guide to learn more about the actual implementation.
#2 Install the Active Directory Bridge Component –
After you’ve signed up, install the Active Directory Bridge component on your AD server. This will link your system to the cloud-hosted directory service. Any changes in AD will be reflected in the cloud directory. Note that AD is still the authoritative system at this point.
#3 Import AD Users into Directory-as-a-Service –
Identify the users that you want to be imported into the Directory-as-a-Service platform. You can choose to import as few or as many users as you would like.
#4 Test and Verify –
With the users imported into the virtual identity provider, you can begin to test. It’s ideal to test with your Macs, Linux devices, AWS cloud servers, Google Apps, and more. If you decide to test with any Windows systems, you will need to break the tether to AD and then test those systems. Your goal at this step is to ensure that everything works as expected and your users have been imported properly. You can continue to run your systems in parallel for as long as you need to feel comfortable before you cut the cord on AD.
#5 Dissociate the Users from AD –
Once you are ready to migrate completely away from AD, you’ll dissociate your users from AD. This is the last step, and at this point the cloud directory service is the authoritative source. AD will no longer control your users.
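A reconciliation check for steps #4 and #5, as an added example that is not JumpCloud's code: it compares a user export from AD with one from the cloud directory before users are dissociated. The CSV column names and sample rows are constructed assumptions, not a real export format of either product.

```python
import csv
import io

# Constructed sample exports; column names are assumptions, not a real format.
AD_EXPORT = """sAMAccountName,mail,enabled
alice,alice@example.com,True
bob,bob@example.com,True
carol,carol@example.com,False
dave,dave@example.com,True
"""

CLOUD_EXPORT = """username,email,activated
alice,alice@example.com,true
Bob,robert@example.com,true
carol,carol@example.com,true
mallory,mallory@example.com,true
"""

def _load(text, key, mail, flag):
    """Index rows by lower-cased username -> (email, is_active)."""
    rows = csv.DictReader(io.StringIO(text))
    return {r[key].strip().lower(): (r[mail].strip().lower(),
                                     r[flag].strip().lower() == "true")
            for r in rows}

def reconcile(ad_csv, cloud_csv):
    """Return findings that should be resolved before AD stops being authoritative."""
    ad = _load(ad_csv, "sAMAccountName", "mail", "enabled")
    cloud = _load(cloud_csv, "username", "email", "activated")
    both = ad.keys() & cloud.keys()
    return {
        # Selected for migration but never arrived: user is locked out after cutover.
        "missing_in_cloud": sorted(ad.keys() - cloud.keys()),
        # Accounts with no AD counterpart: confirm each one was created on purpose.
        "only_in_cloud": sorted(cloud.keys() - ad.keys()),
        "email_mismatch": sorted(u for u in both if ad[u][0] != cloud[u][0]),
        # Disabled in AD but usable in the cloud directory: access was re-granted.
        "disabled_in_ad_active_in_cloud": sorted(
            u for u in both if not ad[u][1] and cloud[u][1]),
    }

def ready_to_dissociate(report):
    """True only when every finding list is empty."""
    return not any(report.values())

if __name__ == "__main__":
    report = reconcile(AD_EXPORT, CLOUD_EXPORT)
    for finding, users in report.items():
        print(f"{finding}: {users}")
    print("ready to dissociate:", ready_to_dissociate(report))
```

Re-run the check for as long as the two directories operate in parallel, since changes made in AD after the import can reopen a finding.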
More than One Way to Replace AD
The process of replacing Active Directory can go as fast or slow as you want. Both Directory-as-a-Service and Active Directory can run in parallel, so you don’t need to eliminate AD completely until you are ready.