By Zach DeMeyer Posted March 2, 2019
In the modern era of the cloud, what are the advantages of Microsoft® Active Directory® (AD), the on-prem directory service, and when would you use it? A related follow-up question is when to use on-prem Active Directory vs Azure® Active Directory (AAD). These are great questions for IT admins, and the answers have a great deal of downstream impact.
AD and IAM
Before diving into the differences between AD and AAD, a topic tangentially related to the advantages of Active Directory, let’s discuss what has been the foundation of identity and access management (IAM) for many years. Microsoft created Active Directory in the late 1990s as a way to centrally manage user access to Windows®-based networks, servers, applications, and, of course, laptops and desktops. The goal was to give IT admins an easy way to manage their identity and access control issues.
The move was a brilliant one because not only did it help IT organizations seamlessly manage user access, it also helped end users log in to their Windows machine, and, with one login, effectively have access to whatever IT resources they needed within the confines of the domain. While utility and value were high for IT organizations, the real win was that AD entrenched Microsoft even further into organizations. As it became easier to manage Windows machines and applications, IT admins demanded more Windows resources. It was a virtuous cycle for Microsoft.
Advantages of Active Directory
The advantages of the Active Directory approach for IT organizations at the time were significant. They already had a virtually all-Windows network, so IT organizations could easily connect their users to files, applications, servers, and more. With AD’s GPO (group policy object) functionality, IT admins managed their fleet of Windows systems using policies that enacted password complexity requirements, screen saver lock, configurations, and more. The benefit for end users was the beginning of a Single Sign-On (SSO) type of experience—log in once to your Windows machine and access whatever you need.
Further, at the time, the concept of security was focused on a perimeter-based model where the internal network (called the domain in Microsoft parlance) was safe, and the external world was not. Active Directory Domain Services made it easy to manage and control the domain to ensure safety was maintained. By acting as the gateway to the rest of the network, Active Directory was the backbone of the traditional IT organization.
Cracks in the Domain
While those advantages existed for many years, challenges started to appear when web applications, cloud infrastructure from AWS®, G Suite™, macOS® and Linux® systems, WiFi, and many others arrived on the IT stage. Active Directory struggled with these non-Windows and, often, off-prem resources.
Vendors released add-on solutions to Active Directory, often in the form of web app SSO solutions or identity bridges, to help maintain AD’s hold over the domain. Although they did connect AD users to cloud-based resources, the concept of the unified domain was essentially fractured. Like water from a burst dam, the advantages of Microsoft Active Directory started to slip away.
Advantages from the Cloud
Luckily, a new generation of directory services has reimagined Microsoft Active Directory for modern IT organizations. Leveraged directly from the cloud, this Directory-as-a-Service® offers a True Single Sign-On™ experience akin to the early days of AD. This experience extends user identities across virtually all platforms, protocols, and application providers. By using cross-platform, GPO-like Policies, admins can also manage system fleets at scale, be they Windows, macOS, or Linux. These advantages and more are available from JumpCloud®.
Although there used to be many advantages of Microsoft Active Directory, those benefits have evaporated with the advent of the cloud. If you are interested in reaping similar advantages, consider trying Directory-as-a-Service today. Every JumpCloud account is free for the first ten users, forever, with affordable pricing as you scale. You can learn more by contacting us, or reading more of our blogs.