In Active Directory, Blog

Microsoft Active Directory Lock-in

IT organizations hate being locked into a particular type of solution or vendor. It is one of the things that they spend a tremendous amount of time avoiding.

They do so for good reason: being locked in means that you pay more, have less flexibility, and generally receive inferior support.

Lock-in is great for vendors. It is wonderful for them to know that they have revenue that they can count on. Of all vendors, Microsoft may be the most adept at locking in their customers to their platform. In fact, Microsoft Active Directory lock-in forces their customers to use solely the Microsoft ecosystem and platform.

Microsoft: Experts at Monopoly


Microsoft had tremendous momentum in the 1990s with Windows. It was by far the most dominant operating system platform and effectively had a monopoly in the space. Eventually, the regulatory agencies took note and sued Microsoft for monopolistic behavior with respect to Windows.

In the late 1990s, they made a brilliant move. They would no longer just count on Windows to be their lock-in solution, but they would tie all of their disparate Windows devices and applications together via a central user and device management platform called Active Directory. AD enabled IT admins to centrally provision and deprovision user access to devices, applications, and the network.

The only caveat? The solutions needed to be Windows to tie into AD.

IT Got Locked-In by Microsoft

active directory Microsoft's windows lock-in strategy

The strategy worked to perfection. IT admins implemented AD because they were largely Microsoft Windows-based shops. Consequently, when a new device or application was needed, a key requirement became that it was a Windows product and manageable by AD.

It was a self-reinforcing virtuous cycle for Microsoft that generated billions in revenue and profit. Even their CEO named AD as one of the most critical assets of the entire company. For IT organizations, though, it was predictable. They were locked into Microsoft solutions. Moving away from Windows became harder, so IT admins were reluctant to shift away for much of the 2000s.

More Infrastructure Today is Outside of Microsoft’s Ecosystem


As a new generation of startups and tech-savvy employees arrived on the scene, Apple Macs and iOS devices started to increase in popularity. AWS made it easier to have data center capacity without having to build the data center themselves. Google Apps eliminated the need for Microsoft Exchange, a companion to AD.

All of this meant that AD and, as a result, Windows was no longer an obvious choice. In fact, without Active Directory, organizations were free to choose a greater variety of platforms and cloud applications. Now, new apps and platforms are driving new models – companies don’t need to have all of their employees in-house or their data center on-prem. The flexibility afforded to organizations as they moved away from AD became significant. And to many, it became a competitive advantage.

Moving On with Cloud Directory Services

daas Directory-as-a-Service

The benefit of eliminating Active Directory was, of course, not being locked into Microsoft solutions. While IT could now choose Microsoft technology because it was right for the situation, they also had the freedom to move elsewhere. The challenge became, what would be a good independent and cross-platform replacement for Active Directory? The answer appeared with Directory-as-a-Service®. As a cloud directory service, this virtual identity provider accomplishes many of the same tasks as Active Directory, including user and device management. However, it has a few critical differences. Those unique aspects are its ability to manage Windows, MacOS, and Linux devices, IT resources on-prem or in the cloud, and a wide variety of protocols, including LDAP, SAML, RADIUS, SSH, and REST.

jc-learn-moreVendor-Neutral Alternative to Microsoft Active Directory Lock-in

If you would like to learn more about how to avoid Microsoft Active Directory lock-in, drop us a note. We think that you will be pleasantly surprised with how you can extend Microsoft AD-like functionality to your entire IT infrastructure regardless of vendor or location. Give it a try for yourself. Your first 10 users are free forever.

Recommended Posts

Start typing and press Enter to search