A Modern Alternative to the Increasingly Outdated Active Directory®
Over the last 15 years, Microsoft® Active Directory (AD) has become the directory services solution of choice. Organizations small and large use it as the core of their network. AD is the Windows-based system that controls access to devices and applications. Typically, AD controls on-premise Windows-based platforms. Introduced in 1999, AD is Microsoft’s answer to central access control and Windows device management.
Apart from authenticating and authorizing users via the Kerberos protocol, AD centrally manages users and domains through a hierarchical structure. This enables an organization to have multiple AD servers working in concert across a global enterprise. AD servers serving different domains can also be made to trust each other, which enables users to travel across domains within the company and still gain access. AD is also able to control and manage devices through a feature called Group Policy Objects (GPOs). GPOs allow IT admins to remotely set security policies, change registry settings, install files, and perform numerous other tasks. Taken together, AD enables organizations to authenticate, authorize, and manage on-premise Windows devices and applications.
However, while Active Directory has been the dominant directory service solution over the last decade, fundamental changes in the IT landscape are creating new approaches to directories. IT admins no longer have the luxury of managing all of their devices and solutions on-premise. With the advent of Infrastructure-as-a-Service (IaaS) solutions, many organizations have moved their data centers to the cloud. Web-based applications, rather than on-premise Windows-based solutions, are now the norm. Windows is no longer the dominant platform in an organization. Macs, Linux machines, and mobile phones and tablets are creating a mixed-platform environment.
Unfortunately, AD has not kept pace with these dramatic shifts in the industry.
A new generation of solutions, called Directory-as-a-Service® (DaaS), is making up for Active Directory’s shortcomings. As more organizations move core IT services to the cloud, a DaaS-based solution is appealing. A cloud-based directory delivered as a managed service off-loads the headaches of directory management from the IT organization to a third-party provider. Further, a SaaS-based directory can seamlessly operate in a modern IT environment with multiple platforms, Web-based applications, and cloud servers.
DaaS solutions deliver a core user directory that can be easily managed through a Web-based interface. Users can be manually entered and managed or easily imported. IT admins can then connect users to devices and applications. Authentication and authorization can occur over the LDAP protocol, Kerberos, SAML, and others. Devices can be managed through the use of an agent. Commands can be executed on Windows, Mac, or Linux devices remotely. They can be executed ad hoc, scheduled, or triggered via events in the network. The DaaS solution is effectively a cross-platform, cloud-based version of AD, but delivered as a service.
The benefit of this new generation of solutions is that directory services are delivered as a utility. Virtually every type of device and application, regardless of where it sits (on-premises or in the cloud), can be connected to the users that need access. IT admins escape the heavy lifting of managing a directory and, perhaps most important, deliver critical, modern IT resources to their organizations that can be centrally controlled and managed.
Microsoft AD was important in making directory services widely adopted and utilized, but as modern enterprises change the way they do IT, an alternative is necessary. DaaS is the next generation in directory services.
Active Directory® is a registered trademark of the Microsoft® Corporation