Why Active Directory Struggles with Remote Work

Written by Kayla Coco-Stotts on June 6, 2020

Share This Article

IT organizations around the globe are under pressure to enable their employees to work remotely. As a result, IT admins are learning which solutions perform well in a work from home (WFH) scenario and which do not. 

Most commonly, IT teams regard legacy infrastructure, such as Microsoft Active Directory (AD), as incapable of securely managing user access during remote work. In this blog post, we look at the ideal scenario in which AD thrives, and why it struggles with a WFH model.

The Ideal Setup for Active Directory

Active Directory has been a mainstay in IT organizations for over 20 years. On-premises AD enabled IT admins to control who could join an organization’s network, and what IT resources they could access. Network users had single sign-on (SSO) access to all their on-prem, Windows-based resources, and admins could centrally manage those users and their access through AD.

AD worked well for organizations with a Microsoft-centric model. It was predicated on the concept of an on-prem domain, with employees working in an office. Every IT resource had a direct connection to the domain controller, which allowed users to authenticate to their devices and IT services.

However, as organizations adopted new technologies and processes that exist outside the Windows domain, centralizing user access around on-prem equipment became challenging. There are now a number of resources that admins have to manage in conjunction with AD, including:

  • macOS and Linux systems
  • Web applications like Slack and G Suite 
  • Infrastructure-as-a-Service platforms like AWS

So before, all remote users would need to do was use a VPN to gain access to AD and then their IT resources. But with most organizations managing resources that live outside that Windows domain, user provisioning, management, and security is not quite so simple.

The Issue with AD in Remote Environments

As a result of the global outbreak of the coronavirus, countless organizations have to enable remote working for their employees. In just weeks, the way people do work changed, and as a result, on-prem identity management tools like AD simply fail to meet new requirements.

Now that organizations are under pressure to shift to a work from home environment, IT admins are all too aware of the limitations and challenges of using AD as a core identity provider (IdP) in this modern world.

As more IT organizations move their infrastructure to the cloud, many wonder if an opportunity exists for them to move their directory services to the cloud as well. Doing so frees up a lot of time spent maintaining legacy hardware and add-on solutions, and is ultimately more cost-efficient for both the organization and the IT team. 

Because the way people work changed so quickly, IT needs a solution that will make future adjustments easier. Leveraging a directory service built for modern IT allows organizations to adapt with ever-evolving technology. So instead of building a system that ingrains organizations in one way of doing things, a cloud-based directory service grows and adapts with the business. 

A Directory Service Built To Enable Remote Work

JumpCloud Directory-as-a-Service (DaaS) is a modern solution to identity management. Hosted entirely in the cloud, DaaS is lightweight and cost-effective, allowing IT admins to monitor and manage users without the need for a number of identity management solutions. Remote employees use one platform to gain access to virtually all the resources they need while internal IT provisions users and their resources from anywhere. 

JumpCloud not only focuses on enhancing the user experience, but it also ensures that all core infrastructure is secure while employees adjust to working from home. For example, JumpCloud’s system-based password management prevents phishing attacks and saves time for both users and admins.  

Using JumpCloud, admins can manage their remote work essentials from one console:

  • System management via Policies and Commands for Windows, macOS, and Linux
  • Access to Applications via LDAP and SAML 2.0, provisioning via JIT and SCIM
  • Access to Networks via RADIUS authentication
  • Built-in MFA for systems, applications, and VPNs 

Learn More

Interested in how JumpCloud can help you instantiate secure, efficient remote work practices? Feel free to reach out to one of our representatives to see DaaS in action. You can also register up to 10 user for free, forever.

Kayla Coco-Stotts

Kayla is a content writer at JumpCloud with a B.A. in Print Journalism from the University of Kentucky. She hails from St. Louis, Missouri, and loves to eat good food and hike Boulder's beautiful trails when she is not writing.

Continue Learning with our Newsletter