{"id":42727,"date":"2022-12-05T10:52:31","date_gmt":"2022-12-05T15:52:31","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=42727"},"modified":"2024-11-08T16:45:14","modified_gmt":"2024-11-08T21:45:14","slug":"active-directory-without-a-server","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server","title":{"rendered":"Active Directory Without a Server"},"content":{"rendered":"\n<p><a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-faq\">Active Directory (AD)<\/a> is a directory service introduced by Microsoft that runs on a Windows server to centrally manage user access to resources on the LAN. The server role in Active Directory is run by <a href=\"https:\/\/jumpcloud.com\/blog\/ad-ds\">Active Directory Domain Services<\/a> (AD DS), and the server running AD DS is called a domain controller. The domain controller performs two important functions:<\/p>\n\n\n\n<ul>\n<li>Authenticates and authorizes all users and systems in a Windows-based network<\/li>\n\n\n\n<li>Assigns and enforces all security policies for Windows systems<\/li>\n<\/ul>\n\n\n\n<p>That is why Active Directory remains an important system of record for many small and medium-sized enterprises (SMEs), even though it can only reside on servers within a network. However, IT infrastructure and workplace trends have changed dramatically since its introduction over two decades ago. It\u2019s common to have a heterogeneous mix of devices with employees working remotely at least some of the time (or even indefinitely). Microsoft has responded by <a href=\"https:\/\/jumpcloud.com\/blog\/understanding-aad-premium-p1\">extending AD to the WAN<\/a>, but devices and users can now be managed without AD, or Microsoft.\u00a0<\/p>\n\n\n\n<p>Identity has become the new perimeter and IT teams must look beyond standalone AD to manage identities and all corresponding devices, wherever they exist. Devices are the gateway to your IT assets and shouldn\u2019t go unmanaged because they\u2019re not Windows. Cloud directories are filling the gap by providing the access control, device management, portability, and security that AD cannot. This has brought forward the option for a new paradigm: the <a href=\"https:\/\/jumpcloud.com\/blog\/domainless-enterprise-it-architecture\">domainless enterprise<\/a>.<\/p>\n\n\n\n<p>This article examines AD\u2019s benefits, and when it\u2019s necessary to look beyond it. That\u2019s accomplished by integrating with cloud directory services to extend it, or even a domainless enterprise.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Does Active Directory Do?<\/h2>\n\n\n\n<p>AD DC manages local network elements, such as systems and users, by organizing them into a structured hierarchy. The domain controller is then responsible for authorizing user authentication requests within the network. The next section outlines its core capabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Manages Devices, Services, and Users<\/h3>\n\n\n\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-server\/identity\/active-directory-overview\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Active Directory Users and Computers<\/a> manages local contacts, devices, and users in your fleet: from PCs to printers. Admins create and organize groups within organizational units (OUs) to logically separate resources. OUs reside within a \u201cforest,\u201d which is the highest level of organization in AD. It may include service accounts for network services, apps that run on your servers, and integrations with SaaS apps. Service accounts can run locally on machines or across the domain. This tool also configures permissions for objects within your directory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Global Catalog of Domains<\/h3>\n\n\n\n<p>Global catalog is an AD feature that stores replicas of the <a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\">attributes of an object<\/a> within a forest (or domain tree), even if the object (such as a user) resides within a separate domain. This enables organizations to centralize IT even if they have multiple locations and data centers, but users and devices must either exist within the confines of those facilities or utilize a VPN.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Querying and Indexing Directory Objects<\/h3>\n\n\n\n<p>There are two built-in options to query AD attributes. The Active Directory schema snap-in enables admins to index attributes. PowerShell is another option to specify a query string to retrieve AD objects. Many organizations purchase third-party reporting tools for compliance purposes and to gain visibility into their AD environment, but it\u2019s vital to trust all software that\u2019s installed on a DC. Attackers may gain entry into networks through the supply chain, and DCs hold the \u201ckeys to the kingdom.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">High Availability<\/h3>\n\n\n\n<p>Every domain controller is a server object in AD DS. High availability is automatic whenever there\u2019s more than one DC. This makes it possible to shut down a server for maintenance without impacting your end users. Objects are automatically replicated throughout the server cluster. Administration is more complex: e.g., add-on apps must be installed and updated on each DC. Adding servers may <a href=\"https:\/\/jumpcloud.com\/blog\/microsoft-server-core-licensing-costs-more\">increase licensing<\/a>, management, server <a href=\"https:\/\/jumpcloud.com\/blog\/ditch-your-domain-controllers\">infrastructure costs<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Schemas and Templates<\/h3>\n\n\n\n<p>Admins have deep control over how AD operates. Schemas can be customized to control (through rules) objects that can be stored within the directory and their related attributes. Templates can be configured to automate the creation of objections and associated policies. Admins use the Group Policy Editor to create and edit ADMX and ADML template files. Templates may also be imported into Microsoft\u2019s Endpoint Manager, a new subscription cloud service.<\/p>\n\n\n\n<p>Now, let\u2019s explore what AD isn\u2019t capable of doing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Doesn\u2019t Active Directory Do?<\/h2>\n\n\n\n<p>The domain controller serves an important role, but the modern workplace has shifted to the cloud. Legacy management solutions like the domain controller struggle to manage the disparate, non-Windows-based identities that have become commonplace in the IT landscape. Managing identities also entails managing devices and access to SaaS apps external to the Microsoft ecosystem. The next section examines those constraints in further detail.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Single Sign-On (SSO) and Multi-factor Authentication (MFA)<\/h3>\n\n\n\n<p>The widespread shift toward web applications means that end users can no longer leverage single sign-on (SSO) through AD for all resources. Twenty years ago, when the IT landscape consisted entirely of Windows applications and desktops, AD connected every user to just about every resource they required. AD no longer grants that level of authorization, forcing admins to adopt additional tooling to manage authentication and authorization for all of their IT assets.<\/p>\n\n\n\n<p>Microsoft introduced an Identity-as-a-Service (IDaaS) solution with Azure Active Directory (AAD), but AAD can make identity management complex, time-consuming, and costly for IT admins by forcing them to keep on-prem AD in conjunction with it. There\u2019s a <a href=\"https:\/\/jumpcloud.com\/blog\/understanding-aad-pricing-free\">free tier of AAD<\/a> that makes it possible to access apps such as Microsoft 365 (M365), but a Premium 1 (P1) or greater subscription to AAD is necessary to have SSO for domain-bound apps and the cloud.<\/p>\n\n\n\n<p>Additionally, if IT professionals wanted to leverage SSO for their users without AAD, they would have to add Active Directory Federation Services (AD FS) to their on-prem AD. That would need to be housed on-prem. AD FS has high management overhead and can be <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-adfs\">difficult to implement<\/a>. Microsoft requires the NPS server role to be installed, configured, and managed to access network devices. There are multiple options for SSO within the Microsoft portfolio, but extending AD for roles it wasn\u2019t designed for dramatically increases complexity and overhead.<\/p>\n\n\n\n<p><a href=\"https:\/\/jumpcloud.com\/platform\/multi-factor-authentication-mfa\">Multi-factor authentication<\/a> (MFA) isn\u2019t built into AD. SMEs must purchase solutions that integrate with it. Microsoft offers MFA to access Windows apps, but only through its AAD P1, P2 SKUs. Additionally, conditional access (CA) policies aren\u2019t available without those integrations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Securing and Managing External Identities&nbsp;<\/h3>\n\n\n\n<p>The domain controller struggles with providing access to IT resources outside of the on-prem Windows networks, so AWS and GCP infrastructures can be difficult to integrate, such as Google Workspace.&nbsp;<\/p>\n\n\n\n<p>Third-party solutions, such as JumpCloud\u2019s open directory, manage identities from other identity providers (IdPs) such as Google or Okta. Microsoft has introduced the capacity to manage external identities through Entra, for an additional monthly fee per user. It also charges for every single instance of an MFA authentication for those external IDs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Strong Security Defaults<\/h3>\n\n\n\n<p>Substantial work is required to harden Active Directory through specialized configurations. It\u2019s not secure by default, and attackers have cultivated a strong understanding of AD\u2019s default settings. Hardening AD is mandatory to secure your infrastructure.&nbsp;<\/p>\n\n\n\n<p>IT teams should always follow best practices to limit how they run as domain administrators. It\u2019s advisable to use Microsoft\u2019s ATA (Advanced Threat Analytics) or Defender for Identity to detect anomalous user behaviors. Security best practices for AD can take several full days of work to implement.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Automation of Identity Lifecycle and Entitlements<\/h3>\n\n\n\n<p>User identity lifecycle and entitlement management is a manual process in AD. Serious and costly breaches, including the <a href=\"https:\/\/www.techtarget.com\/whatis\/feature\/Colonial-Pipeline-hack-explained-Everything-you-need-to-know#:~:text=What%20was%20the%20root%20cause,Homeland%20Security%20on%20June%208.\" target=\"_blank\" rel=\"noreferrer noopener\">Colonial Pipeline<\/a> ransomware attack, have occurred when domain users were \u201cforgotten.\u201d Forgotten accounts are still able to access assets. It\u2019s important to actively manage users and privileges to safeguard against insider and external threats.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Integrated Reporting<\/h3>\n\n\n\n<p>Third-party tools\/services are necessary for reporting, especially when your users are accessing confidential and protected information or your industry is subject to compliance or regulatory requirements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cross-OS Device Management<\/h3>\n\n\n\n<p>Systems must be directly bound to the AD to deploy Group Policy Objects (GPOs) which are registry settings, configurations, or tasks that need to be executed. Mac and<a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-linux\"> Linux systems\u2019 commands and scripts<\/a> (i.e., no GPOs) cannot be managed from the Windows domain controller, meaning that IT admins must manually configure each system if they choose not to implement add-ons. Even Windows systems must be connected to a VPN to receive policy updates from AD or PowerShell commands, complicating your capacity to effectively manage remote users.<\/p>\n\n\n\n<p>Microsoft\u2019s paid subscription <a href=\"https:\/\/jumpcloud.com\/blog\/comparing-jumpcloud-azure-ad-intune\">Intune<\/a> service fills this gap, but Microsoft services aren\u2019t mandatory. An open directory platform, such as JumpCloud <a href=\"https:\/\/support.jumpcloud.com\/s\/topic\/0TO1M000000EUwwWAG\/ad-integration\" target=\"_blank\" rel=\"noreferrer noopener\">integrates with AD<\/a> to perform this function, but could also manage devices without a domain controller being present.<\/p>\n\n\n\n\n<div class=\"promotion-banner-small is-flex-direction-column has-items-aligned-flex-start has-items-aligned-center-tablet\">\n    <div class=\"promo-small-image is-hidden-mobile\">\n        <img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/04\/Promos_GooglePartnership_290x175-SiteDisplay_GooglePartnershipPage-aspect-ratio-160-110.png\" alt=\"JumpCloud\">\n    <\/div>\n    <div class=\"promo-small-content\">\n        <p class=\"is-type-body-tiny is-type-weight-bold is-important promo-small-title\">\n                    <\/p>\n        <p class=\"is-type-body-default is-important\">\n            Securely connect to any resource using Google Workspace and JumpCloud.        <\/p>\n    <\/div>\n    <div class=\"promo-small-cta\">\n        <a href=\"https:\/\/jumpcloud.com\/leverage-jumpcloud-and-google-together\" data-promo=\"JumpCloud and Google Workspace\" class=\"button is-primary-green promo-small-banner-link\">Learn More<\/a>\n    <\/div>\n<\/div>\n\n\n\n\n<h3 class=\"wp-block-heading\">Patching<\/h3>\n\n\n\n<p>There have been over 1,000 patches released from Microsoft to date this year alone. Patch Tuesday has now become \u201cZero Day Tuesday.\u201d However, it\u2019s possible to deploy software using AD Group Policy, but it doesn\u2019t handle patching Windows systems throughout a domain (or even third-party applications) without a patching solution.&nbsp;<\/p>\n\n\n\n<p>Patching services may be cloud-based, such as <a href=\"https:\/\/jumpcloud.com\/platform\/patch-management\">JumpCloud&#8217;s Patch Management<\/a>, or on-premise servers. Patching OSs and apps (such as browsers) is vital to prevent <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-an-attack-vector\">Zero Day attacks<\/a> from being exploited.<\/p>\n\n\n\n<p>AD DS runs on Windows Server, which must be maintained and supported. Domain controllers contain data that determine access to an established network, making it a primary target for cyberattackers looking to corrupt or steal confidential information. It\u2019s even possible for attackers to elevate domain standard users accounts to <a href=\"https:\/\/www.crowdstrike.com\/blog\/how-to-detect-domain-controller-account-relay-attacks-with-crowdstrike-identity-protection\/\" target=\"_blank\" rel=\"noreferrer noopener\">become domain admins<\/a> without using malware on unpatched systems. Security tools such as BloodHound and Mimikatz are all that\u2019s required for the AD attack path.&nbsp;<\/p>\n\n\n\n<p>Standard endpoint detection and response (EDR) won\u2019t detect these intruders, and firewalls won\u2019t stop them. Given these risks, cybersecurity should be a paramount priority for all SMEs. Industry experts routinely recommend a <a href=\"https:\/\/jumpcloud.com\/use-cases\/zero-trust\">Zero Trust<\/a> posture.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Active Directory isn\u2019t Zero Trust.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Active Directory and Zero Trust Security<\/h2>\n\n\n\n<p>Microsoft has responded to these threats by updating AD\u2019s capabilities for better security, but the requisite setups and changes can be resource intensive or require its premium cloud services. Active Directory works best with on-prem networks and Windows-based environments. AD natively operates by establishing a network of trusted assets, known as a domain, which are protected by an AD domain controller, VPN, firewalls, and other controls.<\/p>\n\n\n\n<p>The objective is to create a strong perimeter to protect trusted resources from the open internet. As a result, external sources of network traffic (e.g., users) must first authenticate and ultimately be authorized to access internal domain resources such as systems and applications.<\/p>\n\n\n\n<p>Zero Trust security, on the other hand, is a security model that effectively eliminates the separation between an internal domain that\u2019s safe and the open internet that\u2019s dangerous. Rather, all sources of network traffic are viewed as potential attack vectors that must generate trust before they are authorized for user access \u2014 and with good reason too. Bad actors are now attacking traditional networks from inside and out, often bypassing perimeter-based security by targeting trusted assets. Thus, Zero Trust security is effective because it basically eliminates the concept of trusted assets (i.e., the domain) altogether. Users must prove who they are.<\/p>\n\n\n\n<figure class=\"image is-16by9\">\n<iframe class=\"has-ratio\" width=\"300\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/XcACG-vmsbI?rel=0\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"\"><\/iframe>\n<\/figure>\n\n\n\n<p>The next-generation <a href=\"https:\/\/jumpcloud.com\/blog\/better-alternative-active-directory\">Active Directory alternative<\/a> has been reimagined AD for the cloud era. Cloud directories connect users to their IT resources regardless of their platform, provider, protocol, and location. They\u2019ll also manage all your devices. Additionally, as an identity and access management (IAM) platform, cloud directories forgo the concept of the traditional domain. This provides users with <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-true-sso\">True Single Sign-On\u2122<\/a> access to virtually all of their IT resources. SMEs can leverage JumpCloud\u2019s open directory platform to manage identities wherever they reside with the assurance that it will help to deliver Zero Trust security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cloud Integration with IT Resources<\/h2>\n\n\n\n<p>The cloud directory integrates with the external identities and devices that AD doesn\u2019t support in addition to AD itself. This is made possible through the combination of modern IAM and SSO protocols, automated entitlements management, using MFA to verify users, and CA for privileged user management. You can manage your entire device fleet through JumpCloud.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Centrally Control Identities and Systems<\/h3>\n\n\n\n<p>JumpCloud can extend AD and AAD identities and agent-based control (or <a href=\"https:\/\/jumpcloud.com\/platform\/mdm\">MDM<\/a>) to all systems in a fleet, whether they\u2019re Apple, Android, Linux, or Windows devices. Unlike Microsoft, there\u2019s no additional cost to manage your non-Windows devices or Windows without a DC. JumpCloud can also serve as a standalone cloud directory or import identities from <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/g-suite-user-import-provisioning-and-sync1\" target=\"_blank\" rel=\"noreferrer noopener\">Google<\/a> and <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/ConfiguringOktaDelegatedAuthority\" target=\"_blank\" rel=\"noreferrer noopener\">Okta<\/a>.&nbsp;<\/p>\n\n\n\n<p>End users access their machines with their identity provider\u2019s credentials, and admins can enforce pre-built GPO-like policies on those machines, such as <a href=\"https:\/\/jumpcloud.com\/blog\/fde-compliance\">full disk encryption<\/a> or managing patches. No complex templates are required. SUDO-level permissions and a PowerShell module enable administrators to <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/the-jumpcloud-commands-gallery-2019-08-21-10-36-47\" target=\"_blank\" rel=\"noreferrer noopener\">perform commands<\/a> on any device, from CRUD operations to benchmark policies. A commands queue offers admins an easy-to-use dashboard for admins to see what commands they have awaiting execution on all their assigned devices and their status.&nbsp;<\/p>\n\n\n\n<p>Other key features include:<\/p>\n\n\n\n<ul>\n<li>Automatic high availability and redundancy. There\u2019s no need to license multiple servers or to create a service account that has access to a privileged AD group.<\/li>\n\n\n\n<li>Telemetry aggregated from devices, events, users, and cloud services with pre-built reports and reporting tools. You&#8217;ll even know which users are accessing SSO apps.<\/li>\n\n\n\n<li>Opt-in <a href=\"https:\/\/jumpcloud.com\/blog\/jumpcloud-introduces-remote-assist\">Remote Assist<\/a>, without the complexity of RDP or need to license a solution from a third party. This feature works across multiple operating systems.<\/li>\n\n\n\n<li>An optional decentralized <a href=\"https:\/\/jumpcloud.com\/platform\/password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a> and vault for your users.<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/blog\/zero-touch-enrollment-macos\">Zero-touch Mac enrollment<\/a> is available and <a href=\"https:\/\/jumpcloud.com\/blog\/q4-2022-roadmap-webinar-recap#heading3\">Windows Out of the Box Experience<\/a> (OOBE) is upcoming to onboard remote workers.<\/li>\n\n\n\n<li>PowerShell <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/windows-commands-tab-policy---adding-a-printer2-2019-08-21-10-36-47\" target=\"_blank\" rel=\"noreferrer noopener\">command templates<\/a> to bind Windows PCs to your office printers without a print server.<\/li>\n\n\n\n<li>PKI as a service (coming soon), eliminating the need for a separate CA (certificate authority) Windows server role.<\/li>\n\n\n\n<li>The benefit of potentially <a href=\"https:\/\/jumpcloud.com\/blog\/how-to-use-jumpclouds-tco-calculator\">lowering your TCO<\/a>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Manage Wi-Fi and VPN Access<\/h3>\n\n\n\n<p>You don\u2019t need AD to access your network. Admins can achieve Cloud RADIUS functionality without additional on-prem infrastructure, and they can ensure users log into Wi-Fi networks (with <a href=\"https:\/\/jumpcloud.com\/blog\/untagged-vs-tagged-vlan\">VLAN tagging<\/a>) and VPN clients using the same core credentials they use to access their other resources. <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-delegated-authentication\">Delegated authentication<\/a> includes AAD credentials. Admins can enable Push or TOTP MFA, which is especially <a href=\"https:\/\/jumpcloud.com\/support\/authenticate-to-radius-with-mfa\">useful to secure VPN<\/a> access to internal network and on-prem resources from switches to servers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SSO to Everything<\/h3>\n\n\n\n<p>The open directory platform builds the stack that you want. A web-based portal is used to access all the apps employees need to do their jobs with best-of-breed solutions. The portal serves as a security control to help eliminate phishing. Pre-built connectors are freely available for common apps. Supported protocols include:<\/p>\n\n\n\n<ul>\n<li>LDAP<\/li>\n\n\n\n<li>OIDC<\/li>\n\n\n\n<li>SAML\/SCIM<\/li>\n\n\n\n<li>RADIUS<\/li>\n<\/ul>\n\n\n\n<p>Long-standing workflows don\u2019t have to be scrapped in favor of cloud apps. <a href=\"https:\/\/jumpcloud.com\/blog\/map-windows-file-shares-using-jumpcloud\">Even Windows file sharing<\/a> is possible without a domain controller.<\/p>\n\n\n\n<p>Like AD, groups are used to manage access to your apps and resources. The difference is that they are <a href=\"https:\/\/jumpcloud.com\/blog\/the-immediate-advantages-of-attribute-based-access-control\">automated<\/a> with <a href=\"https:\/\/jumpcloud.com\/blog\/how-jumpclouds-hris-integration-works\">HRIS provisioning<\/a> included. Attribute-based access control (ABAC) reduces the risk of human error and eliminates the heavy administrative overhead that\u2019s necessary to keep AD privileges and users up to date.&nbsp;<\/p>\n\n\n\n<p>Boundaries matter less.&nbsp;<\/p>\n\n\n\n<p>This setup also eliminates the need for complex server management and AD\u2019s global catalog. For instance, specifying an office location could be as simple as creating a directory group assignment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Integrated MFA and Conditional Access<\/h3>\n\n\n\n<p>AD is reliant upon a single factor. MFA is environment wide in the open directory platform. Optional conditional access policies can further restrict access to trusted devices, by geolocation, and more for privileged users. JumpCloud doesn\u2019t charge for MFA for external identities; Microsoft\u2019s AAD does. Microsoft limits CA to AAD P1, P2, and requires integrations for AD. AD doesn\u2019t have these capabilities and must be morphed into something it\u2019s not in order to satisfy modern requirements.<\/p>\n\n\n\n<p>In contrast, there\u2019s far less complexity, labor, and cost when the domain controller is left out of the equation. In addition, there\u2019s a greater opportunity to protect identities. JumpCloud secures identities (and aligned devices) even further with extended detection and response (XDR) integrations from the security vendors of your choosing. Microsoft only makes its security services first-class citizens.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Utilizing an Open Directory Platform<\/h2>\n\n\n\n<p>Organizations have already been moving their operations to managed services in the cloud to save the cost and time of maintaining an on-prem domain controller and server rooms. <\/p>\n\n\n\n<p>The journey begins by <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/Configuring-the-Active-Directory-Integration\" target=\"_blank\" rel=\"noreferrer noopener\">integrating JumpCloud with AD<\/a>. An open directory platform frees up time and money for IT admins looking to manage a variety of systems and applications from one built-in service. Budget can be allocated toward <a href=\"https:\/\/jumpcloud.com\/blog\/it-project-prioritization\">higher priorities<\/a>, such as Zero Trust, especially during leaner economic times.<\/p>\n\n\n\n<p>You can <a href=\"https:\/\/console.jumpcloud.com\/signup\" target=\"_blank\" rel=\"noreferrer noopener\">trial JumpCloud for free<\/a>.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An open directory platform can perform the role of Active Directory for all devices and identities, or extend it.<\/p>\n","protected":false},"author":150,"featured_media":42729,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2337],"tags":[2441,2398,2467,2608,2391,2374],"collection":[2779],"platform":[],"funnel_stage":[3016],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Active Directory Without a Server - JumpCloud<\/title>\n<meta name=\"description\" content=\"An open directory platform can perform the role of Active Directory for all devices and identities, or extend it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Active Directory Without a Server\" \/>\n<meta property=\"og:description\" content=\"An open directory platform can perform the role of Active Directory for all devices and identities, or extend it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-05T15:52:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-08T21:45:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"780\" \/>\n\t<meta property=\"og:image:height\" content=\"599\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"Active Directory Without a Server\",\"datePublished\":\"2022-12-05T15:52:31+00:00\",\"dateModified\":\"2024-11-08T21:45:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server\"},\"wordCount\":2845,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg\",\"keywords\":[\"conditional access\",\"IAM\",\"mdm\",\"MFA\",\"SSO\",\"zero trust\"],\"articleSection\":[\"Remote Work\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server\",\"url\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server\",\"name\":\"Active Directory Without a Server - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg\",\"datePublished\":\"2022-12-05T15:52:31+00:00\",\"dateModified\":\"2024-11-08T21:45:14+00:00\",\"description\":\"An open directory platform can perform the role of Active Directory for all devices and identities, or extend it.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg\",\"width\":780,\"height\":599,\"caption\":\"wires plugged into a server\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Active Directory Without a Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Active Directory Without a Server - JumpCloud","description":"An open directory platform can perform the role of Active Directory for all devices and identities, or extend it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server","og_locale":"en_US","og_type":"article","og_title":"Active Directory Without a Server","og_description":"An open directory platform can perform the role of Active Directory for all devices and identities, or extend it.","og_url":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server","og_site_name":"JumpCloud","article_published_time":"2022-12-05T15:52:31+00:00","article_modified_time":"2024-11-08T21:45:14+00:00","og_image":[{"width":780,"height":599,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg","type":"image\/jpeg"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"Active Directory Without a Server","datePublished":"2022-12-05T15:52:31+00:00","dateModified":"2024-11-08T21:45:14+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server"},"wordCount":2845,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg","keywords":["conditional access","IAM","mdm","MFA","SSO","zero trust"],"articleSection":["Remote Work"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server","url":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server","name":"Active Directory Without a Server - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg","datePublished":"2022-12-05T15:52:31+00:00","dateModified":"2024-11-08T21:45:14+00:00","description":"An open directory platform can perform the role of Active Directory for all devices and identities, or extend it.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/11\/ad-without-server-1.jpeg","width":780,"height":599,"caption":"wires plugged into a server"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-without-a-server#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Active Directory Without a Server"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/42727"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=42727"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/42727\/revisions"}],"predecessor-version":[{"id":117231,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/42727\/revisions\/117231"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/42729"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=42727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=42727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=42727"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=42727"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=42727"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=42727"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=42727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}