Microsoft Active Directory: The Ultimate AD FAQ
https://jumpcloud.com/blog/active-directory-faq
Published 2023-06-20 (last modified 2024-11-08)

This is the ultimate FAQ for Microsoft Active Directory — built to answer all of the most frequently asked questions about the legacy, on-prem directory service. We’ll get into the what, when, why, who, and how of Microsoft Active Directory — otherwise known as AD.

AD is both widely used and widely misunderstood. Developed by Microsoft in the late 1990s, AD is the world’s most well-known on-prem directory service and is often referred to as an identity provider (IdP). AD ushered in the era of modern identity management in the early 2000s, but with today’s shifting IT landscape there are a number of questions that IT admins and organizations have about what AD is, how it works, and why it matters.

Microsoft has extended AD, which it now considers to be a legacy product, from the LAN to the web with an assortment of services for user management, device management, and security. This hybrid cloud paradigm expands its ecosystem with an emphasis on directing users to even more of Microsoft’s technologies while retrofitting its local LAN solution for the WAN.

We’ve identified some of the most common questions about Microsoft’s approach to Active Directory device management and identity management and answer them below. This includes guidance on how to modernize AD to meet new requirements.


Active Directory Basics

What Is Active Directory?

Active Directory is a directory service/identity provider that enables administrators to connect users to Windows-based IT resources. Further, with AD, IT can manage and secure their Windows-based systems and applications. AD stores information about network objects (e.g., users, groups, systems, networks, applications, digital assets, and many other items) and their relationship to one another.

Admins can use AD to create users and grant them access to Windows laptops, servers, and applications. They can also use AD to control groups of systems simultaneously, enforcing security settings and software updates.

Access and controls are enabled using the concept of a domain. The domain concept is essentially a concept of inclusion and exclusion. Traditionally, this approach was leveraged for physical locations. Historically, many IT resources were hosted on-prem and were a part of the domain — i.e., internal network — and when a user was in the physical location they would have access to all of their requisite resources on-prem. If a user was off-prem, they would need a VPN to make it appear that they were on-prem. This approach worked well when IT resources and people were in the same physical proximity.

AD is part of the wider identity and access management (IAM) space and is often supplemented with single sign-on (SSO) or mobile device management (MDM) solutions among many others. JumpCloud Directory Platform is a cloud-based alternative to Active Directory.

How Does AD Terminology Translate to the Cloud?

Check out our AD to Cloud “translation” guide. The guide is a Rosetta stone to help you understand the concepts and terms that are specific to AD and the cloud.

When Was Active Directory Released?

Microsoft first introduced the world to Active Directory in 1999 and released it alongside Windows® 2000 Server edition.

What Protocols Does AD Use?

Active Directory takes advantage of the networking protocols for DNS/DHCP and the Lightweight Directory Access Protocol (LDAP), alongside Microsoft’s proprietary version of Kerberos for authentication within internal networks (LANs). Kerberos was considered secure when it was introduced during the late 1990s, but it’s now vulnerable to attack methods involving Kerberoasting, forged tickets, and stolen tickets. That means spending a lot of time and resources on mitigations and security controls to improve security. Failure to do so may place valid account credentials at risk.

Many people ask why AD doesn’t natively support more modern protocols, such as SAML, OIDC, and RADIUS. We won’t speculate on their reasoning, but we do believe that a multi-protocol approach is the future of cloud IAM architecture. Support for protocols such as SAML, OIDC, and RADIUS can be accomplished through Microsoft add-on solutions as well as third-party solutions.

Why Is Active Directory Called Active?

Our best guess is that AD is called “Active” Directory because it actively updates information stored in the directory. For example, when an administrator adds or removes a user from the organization, Active Directory automatically replicates the change to all of the directory servers. This happens at a regular interval so that the information always remains up to date and synchronized.

Today, this “active” type of behavior is expected in IT systems. But, before the era of computerized directory services, the concept of a directory that kept itself up to date was pretty innovative. Keep in mind that when the Active Directory moniker was coined, physical encyclopedias were still commonly used and the “active” Wikipedia hadn’t yet launched.

Who Uses Active Directory?

Generally speaking, when an organization leverages Active Directory, every single employee uses Active Directory every day without even knowing it. People use Active Directory when they log in to their work machines and when they access apps, printers, and file shares.

But the primary users of Active Directory are the admins who operate, manage, and configure AD. AD admins likely include all of the IT team and may also include members of the organization’s security, DevOps, or engineering teams.

Virtually all organizations around the world use a solution such as Active Directory or another identity provider. Enabling and controlling access to IT resources is one of the most important aspects of operating and securing an organization. Solutions such as directory services enable organizations to be productive.

Why Does Active Directory Matter?

Whether people realize it or not, Active Directory has been making the business world go ’round since the turn of the century. AD is in place at almost every large organization and many small ones. It’s a legacy foundational tool that hums away quietly in the background, so many people who use AD every day don’t even realize what it is — the secure access key to their laptops, applications, network, and files. In short, a directory service is what connects users to their IT resources, and AD has done that for users and their Windows resources for almost two decades.

Looking for a more in-depth answer? We have a blog that covers the purpose of Active Directory.

Active Directory Definitions

What Are Active Directory Objects?

An object is the generic term for any unit of information stored within Active Directory’s database. Objects can include users, laptops, servers, and even groups of other objects (explained below).

What Are Active Directory Groups?

AD enables admins to manage sets of multiple objects known as groups. Using GPOs (group policy objects), an admin can make a change to one group and have that change apply to all objects within that group. They’re often used to segment users or systems by department or clearance.

That convenience comes at the cost of IT security. Nested groups can be very useful if they’re used wisely. However, they can also be the source of over-provisioned users, putting at risk data confidentiality, integrity, and insurance. AD’s group management is manually driven, which offers the least mature level of entitlements management. Controls and measures are manual and ad hoc, entitlements are identified but need regular oversight, least privilege is policy driven, and remediation is manual.

The bottom line is that group-based management makes IT administration more efficient, but efficiency comes at the cost of security if admins don’t carefully manage identities and entitlements. Active Directory, developed nearly two decades ago, wasn’t designed with Zero Trust concepts as a guiding principle or for the web.

What Are Forests, Trees, and Domains in Active Directory?

A forest is at the top of Active Directory’s logical structure, which also includes objects, trees, domains, and organizational units (OUs). A forest describes a collection of trees, which denote a collection of domains. So, what are trees and domains?

Well, a domain is a collection of users, computers, and devices that are part of the same Active Directory database. If an organization has multiple locations, it may have a separate domain for each one. For example, an international organization could have a domain for its London office, another one for its New York office, and a third one for its Tokyo office. IT admins also sometimes isolate their user accounts into a separate forest to maximize security. These configurations aren’t rudimentary and oftentimes require hiring external resources to set up.

A tree could be used to group all three of those domains as branches belonging to the same tree, so to speak. An organization that has multiple trees could then group them into a forest.

This is a core concept of Active Directory and it can be complicated. If you have questions, drop us a note and we’d be happy to help you work through what type of AD structure makes the best sense for your organization. Meanwhile, check out the Active Directory to cloud translation guide for additional context and definitions.

What Is a Domain Controller?

A domain controller (DC) is any server that is running Active Directory Domain Services (AD DS). At least one domain controller is necessary to use Active Directory, though most organizations have at least two per location. Large, multinational organizations may require dozens of domain controllers across each of their physical locations in order to ensure high availability for their AD instance.

Generally, DCs are thought of as being tied to a physical office, which in the current remote work environment can be challenging. IT teams that are AD centric must connect remote users to their LANs through VPNs or alternatives including a software-defined WAN (SD-WAN) and secure access service edge (SASE). Otherwise, purpose-driven cloud services can more easily manage remote endpoints and identities with less infrastructure and overhead.

Individual users and their systems are connected to the domain controller through the internal network. When users request access to objects within the Active Directory database, AD processes that request and either authorizes or prevents access to the object.

Once within the domain, a user doesn’t need to input another username and password to gain access to the domain-bound resources that they have rights to. The authentication and access occur seamlessly. That’s the beauty of the domain. But this concept begins to fall apart as non-Windows resources are introduced. It also struggles if users are remote and not physically attached to the domain — in this case, the end user will need a VPN to the network and be authenticated by the DC in order to gain access to their on-prem, Windows-based resources.

Entra ID / Azure AD (AAD) — An Active Directory Alternative?

Note that Microsoft has also extended the concept of a domain to Azure. Organizations can create a separate domain at Azure through Azure Active Directory Domain Services (Azure AD DS). This domain is separate and distinct from the on-prem domains, although the two can be bridged through a variety of connective technology including Azure AD Connect and Azure AD. AAD is, however, a separate directory service from the legacy on-premises directory. It’s not possible to access Microsoft services such as Microsoft 365™ (M365) without AAD if your existing directory resides in AD.

Microsoft has also branched into mobile device management (MDM) and premium identity management services through its SKUs. Likewise, those are dependent upon AAD.

Gated Licensing Structure

Microsoft has implemented a gated licensing scheme for AAD services. For instance, there are two distinct subscription levels for AAD Premium; and other services for MDM, advanced identity management, and Zero Trust security policies are either included or available as separate subscriptions.

IT organizations often work with partners to navigate this web. We should also note that there is a new concept called the Domainless Enterprise, which takes the approach of eliminating the domain concept, but still retains the idea of securely and frictionlessly accessing IT resources wherever they may be through an open directory platform. This concept is especially helpful for organizations that leverage web applications, cloud infrastructure, and non-Windows platforms (e.g., macOS, Linux).

What Is Active Directory Domain Services (AD DS)?

AD DS basically sets up the database of objects that serves as the foundation for AD management. AD DS isn’t the only server role associated with Active Directory, but you could argue that it’s the server role that corresponds most directly to the core functionality that people associate with AD.

Can Active Directory Work with Macs?

Technically, yes, Active Directory can work for Macs. But the user and system management capabilities of AD are curtailed with Macs when compared to the functionality with Windows systems. Deep, automated control over Mac systems has conventionally been achieved only with the help of third-party directory extensions or MDMs (mobile device managers). Tight control over users, including provisioning, deprovisioning, and permission modifications, is also challenging on Macs when using AD. Microsoft provides Mac MDM for an additional cost.

We’ve put together a resource on this topic called best practices for integrating Macs with Active Directory.

Why Learn Active Directory?

Knowing how to use AD is a valuable skill — and one that’s broadly applicable at organizations worldwide. Learning AD is particularly valuable if you want to work in IT supporting Windows devices, Azure cloud services, SharePoint, and many other enterprise software products and platforms.

However, it is possible to advance a career in IT without ever learning AD. Modern, cloud-forward organizations are bypassing on-prem AD altogether and going straight to cloud-based directory services. You can practice with directory services by taking advantage of a free JumpCloud Directory Platform account. JumpCloud University can also help you learn the concepts around a cloud directory platform and the domainless enterprise.


How Does Active Directory Work?

How Does Active Directory Work?

[Figure: screenshot of the Active Directory admin GUI]

When Active Directory Domain Services is installed on a server, it becomes known as a domain controller. This server stores the Active Directory database, which contains a hierarchy of objects and their relationship to one another.

Active Directory is managed by an admin through a thick-client GUI (graphical user interface) that resembles the file manager in Windows (pictured above). This application runs on a Windows server and is not a modern browser-based application. Admins can point, click, and drag objects within AD and adjust their settings with a right-click via the mouse to access the dropdown menu.

AD can also be controlled via the command line and through tools that leverage PowerShell, Microsoft’s language for automation and API-level tasks.

Management Applications, Integrations, and Interfaces

Active Directory is managed on premises by several different applications. Many organizations opt to license third-party applications and snap-ins to simplify the experience, make workflows more accessible, and improve reporting. Applications also exist to integrate AD with Azure AD. AAD and Microsoft’s endpoint management products also have separate interfaces.

A change or workflow made in AD cannot be executed on AAD (and vice versa), so you have two different management paradigms, two different security paradigms, and two different interfaces and workflow potentials.

What Is Entra ID (Azure Active Directory)?

What is Entra ID?

The biggest misconception around Azure AD is that it’s Active Directory in the cloud. But the truth is that Azure AD wasn’t built to be a standalone AD in the cloud. Instead, Azure AD is designed to extend an existing Active Directory instance to the cloud.

To better understand the AD and AAD relationship, Microsoft’s reference architecture diagram is helpful.

[Figure: Azure reference architecture diagram]

The concept has a lot of moving parts: you can synchronize your on-prem AD with Azure AD Connect and connect your existing database of user identities and groups to Azure cloud-based resources. Of course, you need Azure AD and then, if you would like to create a domain within Azure, the Azure AD DS product as well.

Azure AD can do many things that AD can’t (e.g., it has an integrated web application single sign-on component) — and the wider umbrella of Microsoft’s Azure platform spans functionality so broad that it may be considered a competitor to Amazon Web Services. But don’t be fooled into thinking that means that Azure AD can do everything that on-prem Active Directory can.

What Is Azure AD Connect?

Azure AD Connect is a tool used to federate on-prem Active Directory identities to resources that are hosted within the Azure platform through integrations with Entra. Features such as password write-back and group syncing are limited to premium SKUs. AAD does the “heavy lifting” to federate identities, and AD serves as an entry point to AAD. These resources could include M365 and Azure systems, servers, and applications. Users could experience limitations when accessing resources outside of the Microsoft ecosystem.

What AD Is and Isn’t

Is Active Directory Single Sign-On (SSO)?

You could say that Active Directory was SSO before SSO existed. By that, we mean that AD provided a single sign-on experience for users by centralizing access to all Windows-based resources within the database. Further, those resources were all on-prem or at minimum connected to the domain.

That said, what the industry conventionally considers to be SSO (web app SSO) is very different from AD — and in fact, conventional SSO arose out of AD’s inability to authenticate users into web apps during the mid-2000s. Today, many organizations still supplement their Active Directory with a browser-based web application SSO tool.

Azure AD is Microsoft’s attempt at web SSO, but it’s optimized for the Microsoft ecosystem. Its interoperability starts to break down as you expand beyond Microsoft services — particularly to things that don’t support SAML or OIDC.

However, new business requirements have driven the concept of SSO to now extend to devices, networks, file servers, and more, so the modern concept of SSO goes beyond just access to Windows resources or even web applications. The concept of True SSO is even more expansive and highly relevant for modern organizations where users and their IT resources may be all over the world.

Is Active Directory Software?

Yes, Active Directory is software developed by Microsoft that is installed, maintained, and updated on Windows-based server hardware. The AD software is licensed through a concept called CALs (client access licenses) among other mechanisms. Licensing for AD software can be quite complex, so discussing your options with a Microsoft reseller is your best bet.

Further, the AD software and hardware are not a complete solution. You need to procure other components to help make AD run, including solutions for security, high availability, backup, VPN, and more.

Is Active Directory a Server?

Not exactly. Active Directory requires a Windows server in order to function. A server running Active Directory Domain Services software is known as a domain controller — whether that server is physical hardware located on-prem or virtualized.

Is Active Directory a Database?

It would be more accurate to say that Active Directory contains a database. The Active Directory database stores all the users, groups, systems, printers, and policies within the network. These are known as objects and can be manipulated by admins using Active Directory.

Is Active Directory Open Source?

No. Active Directory was developed privately by Microsoft and its code has not been made available to the public like an open source tool. The primary open source alternative to Active Directory is OpenLDAP (others include FreeIPA, Samba, and 389 Directory Server). You can learn more about OpenLDAP vs Active Directory.

Is Active Directory LDAP?

Active Directory isn’t LDAP, but it uses LDAP. AD is a directory service that is capable of communicating through the LDAP protocol and managing access to LDAP-based resources. AD’s primary protocol is a Microsoft proprietary version of Kerberos.

Active Directory Functionality

What Do You Need to Operate Active Directory?

Generally, to operate AD you need a server, a backup, data center space, and VPNs. That’s just to get through the basics, but for most organizations you also need to figure out security, load balancing/high availability, data backup, and much more. You also need an IT admin who is technically adept enough to install, manage, and maintain AD.

Note that the hardware and software requirements necessary to operate Active Directory are unique to each organization. Some aspects to consider when determining what you need to operate AD include the following: