Microsoft Active Directory (AD) is the leading on-premise directory. However, as IT admins know, AD doesn’t play well with all of their infrastructure. AD was built to work in homogeneous, Microsoft-centric environments, enabling access to Windows-based applications and devices.

Those environments are now antiquated.

In the modern cloud era there are a wide variety of systems—like Mac and Linux devices, Infrastructure-as-a-Service (IaaS) providers such as AWS, and Web-based applications—that aren’t being managed by AD.

The key to completely managing all of an organization’s infrastructure is to leverage an “Active Directory extension solution.”

A critical part of any organization is having one authoritative directory that all IT assets are connected to. This includes all devices and applications, whether on-premise or in the cloud, and it includes all platforms. In short, all IT resources. The challenge with Microsoft Active Directory is that it authenticates, authorizes, and manages Windows-based solutions. Unfortunately, AD does not handle Macs and Linux devices well. Although AD can authenticate access to them, configuring that connection can be difficult, and if device management is important, AD cannot manage Mac and Linux devices.

AD also struggles to handle cloud servers. A secure connection between the cloud servers and AD is required, and this is often a challenge because AD is not exposed to the Internet. Many cloud servers are also Linux based.

The third area of challenge is connecting to Web-based applications. These could be IT applications that require LDAP as the protocol, or front-office applications such as Salesforce, Workday, Dropbox, and others. Connecting AD to all of these different types of devices and applications is a challenge.

Extending Microsoft Active Directory to connect users to all of these other IT resources is the answer. JumpCloud’s Directory-as-a-Service® (DaaS) solution supports this critical use case. The critical principles of this approach to directory services are as follows:

  • The organization relies on only one authoritative directory, which in this case is Active Directory.
  • Due to the increased security required, Active Directory is not exposed to the Internet.
  • All IT resources are required to be connected to the core user store.

For many organizations, this approach to directory services is easy to agree with, but hard to execute. JumpCloud’s Active Directory Extension easily connects AD to all of an organization’s other IT resources. Here’s how it works. An agent is installed on the Microsoft AD server. This connects the organization’s AD server to JumpCloud. Users can then be mirrored in JumpCloud. These users are the ones that require access to Macs or Linux devices, IaaS servers, and other Web-based applications. Once the users are mirrored in JumpCloud, any changes to those users in AD are automatically replicated to JumpCloud. At this point, devices and applications can be connected to JumpCloud. For instance, an agent can be placed on Mac devices or Linux cloud servers, which will connect back to JumpCloud for authentication, authorization, and management. IT applications or devices that can leverage the LDAP protocol can also be connected back to JumpCloud. As users log in to devices and applications not directly controlled by AD, they are authenticated and authorized via JumpCloud.

In effect, JumpCloud serves as a bridge between the on-premise Active Directory server and all of the devices and applications not directly controlled by AD. All users are managed within AD and extended to other IT resources. The benefit of this approach is that a single user store manages all access control to all IT devices and applications. This reduces the manual effort required by IT admins to manage access to IT systems. Further, it increases security because it ensures that users aren’t created, modified, or terminated outside of the central control point – the core directory. Users who are terminated are not potentially left active on applications or devices. Extending AD to other IT resources is an excellent way for IT admins to control the entire IT infrastructure.
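The flow described in the two paragraphs above (one authoritative directory, a bridge that mirrors it one way, and hosts whose agents defer login decisions to the bridge) can be modelled in a few classes. The following is an added example written for this page; it is not JumpCloud's code or API and uses no real AD or LDAP calls. The class names, the `linux-admins` group, the host name and the users are all constructed for the illustration. Besides showing that a user disabled upstream is denied on a managed host after the next sync, it adds two checks a practitioner would want: the login that still succeeds inside the replication window, and a reconciliation pass that lists local accounts a host still carries for users the authoritative directory no longer allows.

```python
"""Toy model of the 'extend the authoritative directory' pattern.

Constructed example, not JumpCloud's code: the authoritative directory stands
in for AD and is the only place users are created, changed or disabled; the
bridge mirrors it one way; managed hosts ask the bridge at login time.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class User:
    username: str
    enabled: bool
    groups: frozenset


class AuthoritativeDirectory:
    """Single source of truth (stands in for AD). Only this class mutates users."""

    def __init__(self) -> None:
        self._users: dict[str, User] = {}

    def create(self, username: str, groups: set[str]) -> None:
        self._users[username] = User(username, True, frozenset(groups))

    def disable(self, username: str) -> None:
        # Termination happens here and nowhere else.
        self._users[username] = replace(self._users[username], enabled=False)

    def snapshot(self) -> dict[str, User]:
        return dict(self._users)


class BridgeDirectory:
    """Mirrors the authoritative directory. Data flows in one direction only."""

    def __init__(self) -> None:
        self._mirror: dict[str, User] = {}

    def replicate_from(self, source: AuthoritativeDirectory) -> None:
        # Full overwrite, so users removed upstream disappear here as well.
        self._mirror = source.snapshot()

    def authorize(self, username: str, required_group: str) -> bool:
        user = self._mirror.get(username)
        return user is not None and user.enabled and required_group in user.groups


class ManagedHost:
    """A Mac/Linux host whose agent defers the login decision to the bridge."""

    def __init__(self, name: str, bridge: BridgeDirectory, required_group: str) -> None:
        self.name = name
        self._bridge = bridge
        self._required_group = required_group
        self.local_accounts: set[str] = set()  # created on first successful login

    def login(self, username: str) -> bool:
        if not self._bridge.authorize(username, self._required_group):
            return False
        self.local_accounts.add(username)
        return True


def reconcile(host: ManagedHost, source: AuthoritativeDirectory) -> list[str]:
    """Local accounts on `host` with no enabled user behind them upstream."""
    current = source.snapshot()
    return sorted(
        name for name in host.local_accounts
        if name not in current or not current[name].enabled
    )


def run_scenario() -> dict:
    ad = AuthoritativeDirectory()
    bridge = BridgeDirectory()
    host = ManagedHost("linux-web-01", bridge, required_group="linux-admins")

    ad.create("alice", {"linux-admins"})   # constructed users
    ad.create("bob", {"linux-admins"})
    bridge.replicate_from(ad)
    before = {"alice": host.login("alice"), "bob": host.login("bob")}

    ad.disable("bob")                       # termination, in AD only
    in_window = host.login("bob")           # still succeeds until the next sync
    bridge.replicate_from(ad)               # change reaches the bridge
    after = {"alice": host.login("alice"), "bob": host.login("bob")}

    return {
        "before": before,
        "login_during_sync_window": in_window,
        "after": after,
        "stale_local_accounts": reconcile(host, ad),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two points the model makes visible: the bridge only knows about a termination once replication has run, so the sync interval is the exposure window to measure and keep short; and the local account the agent created on first login outlives the user in the directory, which is why a periodic reconciliation against the authoritative store (the `reconcile` pass here) belongs in the operating procedure alongside the sync itself.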

Active Directory® is a registered trademark of the Microsoft Corporation