Transitioning From Active Directory: Common Challenges And Concerns

By Mike Ranellone. Posted October 24, 2019.

In a traditional network, IT administrators have a high level of control over who and what can access an organization’s Windows resources. The keys to the castle are typically protected by Microsoft® Active Directory® (AD), which has been the default tool for identity and access management (IAM) within local networks since its introduction in the late 1990s. For years, AD has offered a straightforward solution that most of us take for granted.

But as more and more resources move from on-prem servers to the cloud, it’s getting harder to keep everything securely tethered to AD. An ever-expanding patchwork of third-party vendors connects AD to web apps and non-Windows operating systems, offering end users only a semblance of the single-sign-on (SSO) convenience they once enjoyed in a self-contained, on-prem, Windows-based network. Managing this complex and growing infrastructure can feel like an uphill battle.

These challenges are forcing more admins to consider a move they would’ve thought impossible just a few years ago: the transition from Active Directory to an entirely different directory service designed from the top down for seamless integration with modern cloud-based resources.

Is a Transition from AD Even Possible?

With years’ worth of patches holding an instance of AD together, the process of untangling everything and transitioning away from AD can sound like a nightmare. No one in IT has time for that, especially in a larger organization. That said, if the untangling process itself is the primary obstacle standing between your team and a future of streamlined system management, that up-front time investment could pay dividends later. And as it turns out, the transition from AD might actually be a lot less painful than you’d think with the right Active Directory migration tools. 

Visualizing the Transition from AD 

A truly viable alternative to AD could make day-to-day IT admin tasks like employee onboarding and offboarding exponentially easier. It would also provide a centralized source of truth to authenticate access to resources — in other words, True Single Sign-On™ — while streamlining security policies. In a similar vein, this new directory would ideally automate the initial transition process as much as possible and offer hands-on support along the way. 

Fortunately, many of the engineers behind cloud-based directory services built their chops by interacting with AD, and they’re working to make the migration process simpler. An automated AD Migration Utility (ADMU) could do the heavy lifting of converting a domain account to a local account and then importing that local account to the new cloud-hosted directory. 

Minimizing Risk During the Transition from AD 

Even if the long-term benefits of transitioning from AD far outweigh the short-term costs, you’d have to be certain that nothing would break in the process. Ideally, you’d walk into a meeting with top-level executives carrying proof that each system component will migrate safely, with secure backups along the way. Given variations from system to system, this kind of transition does come with some degree of risk. Building redundancy into every step of the migration process would ensure that nothing would be lost and a full revert would always be within reach. 

Testing AD Migration 

Thorough testing without committing to a permanent transition can go a long way toward minimizing risk and earning support within your organization. Running the ADMU on a test machine, you can convert a domain account to a local account but keep the system bound to the original domain. You’ll be running the two accounts in parallel, so you can compare to make sure everything works as expected on the newly converted local account before deciding whether to unbind it from the domain. 

Optimizing the Transition from AD

Though the transition from Active Directory can be significantly automated, most IT admins will encounter questions during testing. The JumpCloud team is working constantly to streamline the migration process based on our customers’ needs. We’d love to collaborate with you and explore the details of transitioning away from AD given your organization’s specific use case. To find out more about what this AD migration process could look like, contact our sales team to set up a personalized demo and take an in-depth look at the future of directory services. 

Mike Ranellone

Mike is a writer at JumpCloud who's especially interested in the changing role of tech in society. He cut his teeth in the ad agency world and holds an M.F.A. in creative writing from the University of Colorado-Boulder and a B.A. in English and music from St. Lawrence University in Canton, NY. Outside of JumpCloud, he's an avid skier, cellist, and poet.
