For many IT admins, Microsoft Active Directory is simply a fact of life. As part of the monolith that is Microsoft, it’s become the de facto solution for just about any business for managing their users and devices. But AD’s grip is slipping: it’s prescriptive, complex, and it strongly prefers Microsoft. Not to mention that its foundation is still on-premises. This conflicts with the modern business’s needs.
Businesses today — especially small and medium-sized enterprises (SMEs) — need flexible, straightforward, and cloud-friendly tools that can accommodate growth and change.
For some SMEs, now is the time to switch to a more modern alternative. For others, migrating off of AD just isn’t realistic — at least for right now — but they still need more than AD can offer. Fortunately, there’s a way to modernize Active Directory whether you get rid of it or not.
Over the next few months, JumpCloud will be diving into the whys and hows of modernizing your AD instance. Keep an eye out for:
- A webinar: How To Modernize AD: An Admin’s Journey to IT Flexibility
- An eBook: Modernize Active Directory: Break Free from the Limitations of AD
- A roadmap: How to Modernize Your AD Instance
To kick things off, this blog post will jump into the problems with AD and how we bridge the gap.
Why Isn’t AD a Good Fit for Modern Businesses?
AD was introduced over 20 years ago (first released in 2000). It was designed to support the typical 2000s-era environment: centralized, on-premises, and Microsoft-centric.
But it’s not 2000 anymore, and businesses aren’t set up like they were 20 years ago. Some critical things — like the rise of cloud computing, remote work, and heterogeneous IT stacks — reshaped the modern business. These new environments clash with AD, which retains the same on-premises, Microsoft-centric foundation it was conceived with.
In short, the modern business has changed so much that AD can no longer meet its needs. Let’s explore those changes, and then look at where AD falls short in accommodating them.
Critical Changes in SMEs Since AD’s Inception
- SMEs must support remote and hybrid work. The average SME now has more remote and hybrid workers than people fully on-site. And even fully in-office SMEs must support decentralized work, to some extent. From mobile communication to point-of-sale devices to off-site resource access, just about every SME must support some level of decentralization.
- Work environments are diversifying.
- Tools: Hybrid and decentralized environments call for new and different resources. New vendors and solutions are rising to the occasion. Think messaging apps, CRMs, HR systems, and more: the modern stack has many tools that are diverse in both type and vendor.
- Operating systems: Windows machines now only account for 68% of the average SME’s fleet, and Mac, Linux, and mobile devices are becoming more popular.
- Stacks need to be unified. When remote work skyrocketed in 2020, many SME IT teams had to work quickly to create environments that could support remote work. This involved a lot of tool purchases — some of which were more hasty than strategic. Now, many SMEs’ stacks are sprawled and poorly integrated. Reducing clutter by unifying their environment with fewer, more robust and strategic solutions will yield a more functional and cost-effective stack.
- IT needs admin-friendly tools to manage these environments. The typical SME IT team is lean and busy: their management platforms need to be transparent and easy to use. That means admins need friendly interfaces, easy-to-learn functionality, and clarity when it comes to licensing and pricing.
- Directories must be cloud-ready. The average SME’s stack requires a directory that’s capable of connecting users to many different cloud applications, regardless of vendor. About 44% of employees require access to six or more accounts to do their jobs.
Why AD Can’t Meet SMEs’ Needs
Microsoft has released some updates to Active Directory in response to these emerging needs, but the fundamentals remain the same: AD is an on-premises tool that works best with other Microsoft products. The following are some of the biggest detriments to AD’s ability to meet the modern SME’s needs.
- Complexity. As an extension of Microsoft, AD is designed to serve enterprise-level companies rather than SMEs. It is prescriptive, complex, and formal — all of which make it tedious and difficult for a lone admin or lean team to navigate.
- Rigidity. With AD, you conform to it — not the other way around. AD has an established way of doing things, and working outside of those specifications is difficult.
- Microsoft lock-in. AD supports Microsoft products well and makes it difficult to use alternatives.
- Unclear pricing and subscriptions. Microsoft is notorious for its confusing licensing. It’s hard to tell what you need and what you don’t, and businesses frequently overbuy services without realizing it.
- On-premises AD is expensive. Maintaining an on-premises domain is expensive — especially when you factor in the costs to upgrade, monitor, and maintain the equipment.
- Integrating device management with AD is difficult. Device management with AD isn’t a one-stop shop. AD requires Azure AD plus Azure AD Connect or Azure AD Connect cloud sync with Intune to manage non-Windows devices. This is a detriment to unified identity and endpoint management (UEM), which is critical to securing a decentralized environment.
- Some common functionalities require expensive subscription tiers. Some security features, like Health Check, password protection, and privileged access management, are being moved into the cloud with Azure AD. Many of these functionalities are gated behind Azure AD Premium P2, Azure AD’s highest pricing tier.
- Difficult to support certain authentication models. While Microsoft supports certain methods of on-premises authentication (like pass-through), its preferred authentication model is also in the cloud with Azure AD. This limits an SME’s freedom to authenticate the way they want, especially if they’ve got an on-premises or hybrid setup.
What About Azure AD?
To meet the growing need for cloud-based solutions, Microsoft released Azure AD. While Azure AD sounds like the cloud-based version of AD, it’s far from it.
Some of Azure AD’s key limitations include:
- Azure AD is not simply a cloud copy of, nor a replacement for, AD. Azure AD is an entirely different tool (so different, in fact, that it’s being rebranded as Entra ID). AD and Azure AD’s architecture, processes, and functionality are different from one another and they function independently. They can sync with one another, but even then, some data — like group configurations and organizational units — are fundamentally different and don’t carry over smoothly from AD to Azure AD.
- Azure AD is complex. Similar to AD, Azure AD is difficult to navigate and manage. Preparing for the certification usually required to effectively manage it (i.e., Exam SC-300) can take weeks to months.
- Endpoint management is piecemeal. Azure AD is an identity provider for Azure resources, but it does not manage devices on its own. Managing devices requires integration with Microsoft Intune, which is a separate service.
- It caters to large enterprises. Microsoft tends to cater to enterprises rather than SMEs, and Azure AD is no exception. It generally does not provide the level of support SMEs need to configure and manage Azure AD. As a result, SMEs often have to contract out consultants or hire additional Azure AD-focused experts.
- It doesn’t use AD’s group policy. Group policy is one of the management strengths of on-premises AD, which makes this difference jarring for those used to AD. It also creates problems when trying to duplicate proven and powerful management paradigms from AD to Azure AD.
- It doesn’t support some common protocols. Azure AD can’t natively connect to RADIUS or implement MFA for RADIUS, for example.
How to Bridge the Gap by Modernizing AD
While recognizing a problem is easy, fixing it can be hard — especially when that problem is a core piece of your infrastructure, and the decision isn’t up to just you. Rip-and-replace takes a lot of time, effort, and money, which can make it hard to get the green light from leadership.
What’s more, replacing AD calls for an alternative that has all the right functionality. Historically, not many solutions have fit the bill. Until recently, Microsoft has maintained a tight grip on businesses by being what they saw as their only option.
This gap is what inspired JumpCloud’s inception.
JumpCloud is an open directory platform that’s designed to support the modern SME through flexibility, simplicity, and the power of choice. JumpCloud has options for companies that want to completely get rid of AD, keep AD forever, and everyone in between.
Get the Ultimate Freedom of Choice by Integrating With JumpCloud
JumpCloud is a cloud-based directory that supports both cloud and on-premises resources. It’s an open directory, which means that it’s flexible enough to support just about any resource you need it to, regardless of operating system or vendor. And its pricing is clear and transparent, so there’s no question as to what you need to support your environment.
JumpCloud unifies user and device management and offers a full suite of tools that allows you to make work happen securely, and from just about anywhere. That includes single sign-on, multi-factor authentication, patch management, and more.
Best of all, JumpCloud is designed to work with or without Active Directory. If you’re ready to make a clean break and start with something new, JumpCloud offers a migration tool that allows you to move your organization off of AD and onto JumpCloud with ease.
If you’re not ready or able to get rid of AD, that’s okay too. JumpCloud can integrate with AD seamlessly, allowing you to use JumpCloud for what you need and keep AD for the rest. You can even keep AD as your core identity provider. It’s all up to you.
Regardless of the setup you choose, JumpCloud allows you to run your IT environment with the confidence that you’ll be able to make work happen, no matter what comes your way.
Learn more about how JumpCloud bridges the AD gap in the eBook, Modernize Active Directory: Break Free from the Limitations of AD.