By Megan Anderson Posted January 23, 2020
A common belief among IT admins is that Active Directory® (AD) can’t be beat in terms of IT resource management. Although this was true for organizations in previous years, more cloud-forward replacements could serve K-12 school districts better.
Active Directory and K-12 Conflicts
With Active Directory acting as the premier identity management solution for two decades, many school district sysadmins today inherit their AD instance. The tool was intended more for business enterprises operating from one location than educational institutions. But because students and staff increasingly needed computer and application access, schools had to implement a way to manage them. The popularity of Windows® computers made AD the best tool for the job at the time.
However, school districts span a wide area, are publicly funded, and generally operate as nonprofits. As a result, there are a number of areas where AD and K-12 schools conflict.
1 – Implementation and Maintenance Costs
Funding for K-12 schools varies by district, but most don’t have ample budgets to work with. Buying on-prem servers and purchasing Windows Server licenses and CALs can be expensive even under Microsoft’s .edu licensing, and it’s not a one-time purchase. Once the servers reach their end-of-life and the license term expires, schools have to spend just as much — or more — on renewing the license and replacing the servers. The funds allocated to building and maintaining a district’s IT infrastructure could be better invested in projects with more direct impact on students and staff.
2 – No Cross-Platform System Management
Active Directory works best when the IT environment it’s implemented in is entirely Windows-based. However, most school districts have disparate operating systems in their domain. As more schools leverage Chromebooks and macOS® systems, AD becomes less effective as the core authority.
3 – Manual Onboarding and Offboarding
Although onboarding and offboarding users in a homogeneous Windows environment is rather straightforward, doing so for non-Windows platforms, especially web applications, is less so. Non-Windows users must be onboarded and offboarded manually, which, in school districts that can serve thousands of users, could take months. IT admins in education can’t simply push back onboarding completion, either. Instead, they may need to put in overtime, causing headaches for them and for the school’s administrators.
4 – No Straightforward Single Sign-On (SSO) for Web Applications
Active Directory connects users to all their Windows-based and on-prem resources right off the bat, but web applications are a different story. A school district could leverage AD with Azure® AD to manage Office 365™ users, but for other applications, the district would either need to find a third-party service or work with Active Directory Federation Services (AD FS) to achieve web app SSO (or purchase a higher-end tier of Azure AD). These options require more monthly payments and/or greater IT expertise, which may end up costing more than initially planned.
5 – Requires Experienced IT
Active Directory has been in the industry for decades. It’s a legacy system more likely to be understood by an admin who’s worked in the industry for years. But while the average salary for IT professionals is over $85k, the average industry salary for school districts is $45k. This means that school districts are more likely to meet the salary demands of entry-level IT admins. These emerging IT professionals tend to be forward-thinking users of cloud technologies. The result for schools is that choosing AD can make staffing more difficult and expensive.
Why School Districts Should Replace Active Directory
Active Directory may have been popular at the time of its implementation, but today, it’s losing relevance in the typical K-12 IT environment. The prevalent use of different systems and web applications in schools makes AD’s inability to provide SSO and manage cross-platform systems increasingly problematic. As a result, admins have to manually assign devices, as well as onboard and offboard users. With how frequently school districts’ user population fluctuates, this can take months to complete.
On top of that, the cost of running AD can exceed the amount K-12 districts are able to pay. Public schools are notoriously underfunded, so continuing to pay for an expensive directory service is difficult to justify. Switching to a more affordable, lightweight directory service may be a better option.
Replacing Active Directory
Active Directory is no longer the only viable directory service on the market. More recent innovations can elevate the capabilities of admins in education and serve their unique needs better. For school districts interested in replacing AD with a cloud-based, cross-platform solution that’s lighter on resources, consider JumpCloud® Directory-as-a-Service®.