Replace Active Directory® with Azure® Active Directory?

By Rajat Bhargava Posted March 22, 2017

With Microsoft®’s introduction of Azure® Active Directory®, many IT organizations are wondering if they can now move their domain controller, Active Directory®, to the cloud.

Can they replace Active Directory with Azure Active Directory?

It may seem like a simple question, but not everything is as it seems. Since Microsoft decided to call their cloud directory service Azure Active Directory, it would stand to reason that it is a cloud version of Active Directory. Perhaps it is just a hosted Active Directory?

As we dig deeper, you’ll see that this is wishful thinking. Microsoft did a disservice to IT admins everywhere with its naming conventions. It tried to make Active Directory synonymous with directory services, which would make sense given Microsoft’s monopoly in the space. However, the approach is causing a great deal of confusion.

Azure Active Directory Doesn’t Replace Active Directory


Azure Active Directory is actually a completely different code base from the legacy, on-prem Active Directory. In fact, Azure Active Directory is not a replacement for AD. See the Microsoft-related comments on Spiceworks for more information:

“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities as AD. It actually provides many more capabilities in a different way.

“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

“As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, leaked credentials reports, and user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

“Even the recently announced Azure Active Directory Domain Services is not a usual DC-as-a-service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services, but with no replication to any other on-premises or cloud (in a VM) domain controller.

“If you want to migrate your domain controllers to the cloud to use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

“So to conclude, if you would like to extend the reach of your identities to the cloud, you can start by synchronizing your Active Directory to Azure AD.”

Azure Active Directory is a user management system for Azure. It links with the on-prem Active Directory, which federates its identities to the cloud-hosted directory service. If you are looking for a replacement for Active Directory, Azure Active Directory isn’t it.

JumpCloud® Is a True Cloud Replacement for Active Directory


There is good news, though. Given all of the changes in the IT landscape, with more heterogeneous environments, cloud infrastructure, web applications, and WiFi, a reimagining of the directory service is under way. A cloud-hosted directory service called JumpCloud® Directory-as-a-Service® is a true replacement for Active Directory in the cloud. It serves as a cloud-hosted, central identity provider for IT resources regardless of their location, platform, protocol, and provider. It is the cloud replacement for Active Directory that IT admins have been searching for. And since it’s an independent solution, you aren’t locked into any one major provider such as Microsoft.

If you would like to learn more about replacing Active Directory with Azure Active Directory, drop us a note. We can walk you through the pitfalls of that line of thinking. We’d be happy to share more information about new IDaaS platforms that might be a better fit, too. You are also welcome to give our Directory-as-a-Service platform a try for yourself. Finally, please be aware that your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
