Microsoft introduced Active Directory in 1999 to connect its Windows systems together. The impetus for AD began years earlier with a number of movements and trends in the IT space at the time. Client-server technology was gaining popularity in the early 1990s just as a new directory services standard, the Lightweight Directory Access Protocol (LDAP), emerged. Microsoft brought the two together to create an LDAP-based directory for its near-monopolistic Windows platform. Organizations could then manage the users connecting to the network and also manage access to devices. Over the next fifteen years, Microsoft would go on to make significant improvements to Active Directory, and as a result AD would become the leading on-premises directory service solution.
The core goal of Microsoft Active Directory is to authenticate and authorize users, and to manage their access, primarily to Windows-based devices and applications. AD provides access to Windows machines and allows IT admins to control fine-grained permissions, including whether users can install software. Further, AD also enables single sign-on access to internal Windows-based resources. Once a user logs onto a device connected to the network, AD, through Kerberos, lets the user reach resources on the network. For example, a user does not need to log in again when accessing a Windows file share or an application such as SharePoint. The benefit to the user is, of course, easy access to all on-premises, Windows-based resources; IT admins can quickly and easily manage who should have access to which IT resources.
Kerberos was primarily aimed at client-server situations where both sides authenticate each other. The benefit of Kerberos in a Windows environment is that users do not need to re-authenticate each time a new resource is accessed; Kerberos works in the background, ensuring that authentication takes place. AD has been the directory service solution of choice for Windows-based networks.
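To make the "log on once, then reach each resource without re-entering credentials" behaviour concrete, here is an added toy model of the ticket exchange (not code from the original article): a KDC in the domain-controller role verifies the user's password key once at logon, issues a ticket-granting ticket (TGT), and afterwards hands out per-service tickets that each resource validates with its own key. The sealing scheme, principal names and key layout are constructed stand-ins; real Kerberos uses AES encryption types, session keys and authenticators that this sketch omits.

```python
import hashlib, hmac, json, os, time

def _xor_stream(key, nonce, data):
    """SHA-256-derived keystream cipher (toy stand-in for Kerberos' AES etypes)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, obj):
    """Encrypt-then-MAC: only a holder of `key` can read or validate the blob."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad ticket: wrong key or tampered")
    return json.loads(_xor_stream(key, nonce, ct))

class KDC:
    """Domain-controller role: holds every principal's long-term key."""
    def __init__(self, keys, ttl=600):
        self.keys, self.ttl = keys, ttl            # {principal_name: key}
    def as_exchange(self, user, preauth):
        """Initial logon: the only step that touches the user's password key."""
        unseal(self.keys[user], preauth)           # raises if the password is wrong
        return seal(self.keys["krbtgt"], {"user": user, "exp": time.time() + self.ttl})
    def tgs_exchange(self, tgt, service):
        """Trade a still-valid TGT for a ticket the target service can read."""
        t = unseal(self.keys["krbtgt"], tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired: user must log on again")
        return seal(self.keys[service], {"user": t["user"], "exp": time.time() + self.ttl})

def service_accept(service_key, ticket):
    """Resource side (file share, SharePoint): trusts only tickets sealed with its key."""
    t = unseal(service_key, ticket)
    if t["exp"] < time.time():
        raise ValueError("service ticket expired")
    return t["user"]

def sso_demo():
    # Constructed principals with random keys: one logon, then two resources reached
    # with the same TGT; alice's password key is never presented again.
    keys = {p: os.urandom(32) for p in ("alice", "krbtgt", "cifs/fileserver", "http/sharepoint")}
    kdc = KDC(keys)
    tgt = kdc.as_exchange("alice", seal(keys["alice"], {"ts": time.time()}))
    return [service_accept(keys[s], kdc.tgs_exchange(tgt, s))
            for s in ("cifs/fileserver", "http/sharepoint")]
```

A ticket sealed for the file server is rejected by SharePoint's key, and an expired TGT forces a fresh logon, which is where ticket lifetimes bound the damage from a stolen ticket.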
As IT organizations adopt modern IT trends, Active Directory is struggling to remain the single, core user directory. This challenge starts with a heterogeneous device and operating system environment: in addition to Windows PCs, IT organizations are adding Apple Mac OS X-based devices, Linux machines, and smartphones and tablets based on Android and iOS. Unfortunately, AD cannot manage all of these different device types. Cloud-based services such as Infrastructure-as-a-Service solutions are shifting the data center from on-premises to the cloud. The problem is that AD is not often exposed to the Internet, so connecting cloud servers to AD isn't possible. Another significant IT trend is the movement to SaaS-based services on the Web. Solutions such as Salesforce, Dropbox, Workday, and many others are shifting where employees work, and AD is struggling to manage those Web-based applications as well. While Active Directory has become the dominant directory services solution over the last decade, new IT trends are challenging its fundamental architecture and approach.