What You Need to Know Before You Replace AD

Written by Rajat Bhargava on November 28, 2016


More organizations than ever are replacing Active Directory.


A decade ago, the thought that a network could exist without Microsoft Active Directory was absurd. Networks were all Windows and on-prem. AD was just what you did when you built your IT infrastructure. It was a core component just like Microsoft Exchange was your email server and you had a domain controller on-prem.


Today, the IT landscape is radically transformed. Networks thrive without Active Directory. The question for an IT admin has become, “What do I need to know before I replace Active Directory?”

This blog post lists some key concepts and items to think about before replacing Active Directory with Directory-as-a-Service.

Eliminate the Concept of the Domain


The antiquated view of a domain has existed since IT resources were on-prem.

The domain controller created the concept of a domain. A domain essentially represents the organization’s network. By attaching IT resources to the domain, a user could more readily access the resources.

This led to the concept of a single login to the domain, after which users could access each resource. Microsoft’s Active Directory largely made this seamless because of its use of Kerberos.

The modern organization, though, does not have its resources on-prem. This simple fact completely blows up the notion of the domain. Much of an organization’s resources are located in the cloud, and many of its users are remote. All of this obviates the idea of a domain. Next-generation directory services assume that the domain doesn’t make sense in today’s IT environment.

Local Accounts Versus Network


Active Directory functioned on the notion of Windows systems and resources being on-prem. As a result, the user accounts were domain accounts and not local. The problem with that model today is that many of an organization’s users are remote and/or they are operating from outside an organization’s domain. This requires the user to connect back to the Active Directory server, and that may not be so simple with remote users and the cloud.

Modern cloud directory solutions create local accounts instead of domain accounts. This means that the user can log into the system regardless of whether the system is able to connect to the cloud identity provider, thereby making the system far more resilient.

No Networking Necessary


A critical part of Active Directory was that every system and application needed to be able to contact the AD server. As a result, IT organizations would spend tremendous amounts of time and money on networking. They would install VPNs and ensure that the network architecture always supported access to the directory service. In addition, end users would need to be taught how to access the network, resulting in more work on the part of IT.

True Single Sign-On™


As the world has shifted to the cloud, less and less of an IT organization’s network is connected to Active Directory. Over time, IT admins have had to add a number of other identity management platforms to be able to solve this problem.

As a result, a user’s core business credentials manage fewer of their accounts. With Directory-as-a-Service®, IT organizations can get back to a True Single Sign-On environment where virtually all of a user’s systems, applications, and networks can be accessed centrally.

Replace Active Directory With Modern Directory Services


For organizations that are migrating from Active Directory, there are a number of items that IT admins need to keep in mind. While Directory-as-a-Service is an Active Directory replacement, it isn’t a clone of it. In fact, many of the concepts of the cloud identity management platform are a more modern take on directory services.

If you would like to learn more about what you need to know before you replace Active Directory, drop us a note. Also, please try Directory-as-a-Service from JumpCloud® for yourself. Your first 10 users are free forever.

If you’re looking for some light reading, take a look at our “Breaking Up with Active Directory” ebook. If you’re ready to look at the step-by-step process of how you can replace Active Directory, check out our Quick Start: Active Directory Migration guide.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
