For over 15 years, companies have been deploying Microsoft’s Active Directory. More than just a mere directory services, it has been the cornerstone that all other Microsoft technologies have depended upon for authentication, as well as user, group and computer management. However, as companies move more applications to the cloud and embrace hybrid environments, their need to manage this mixture of environments changes the need for this technology. One of my customers, who have wholly moved their applications to Concerto’s fully-managed cloud services, was left with one technology to manage: Active Directory. Which brings us to the bigger question: What purpose will AD serve in the future?
Azure AD - The New Kid on the Block
Microsoft Azure AD allows for a directory service of sorts for our modern cloud based applications. Solutions like Office 365, CRM Online, and even third party solutions like Salesforce.com can leverage Azure AD for user management and authentication. But Azure AD still doesn’t, and probably never will support legacy client server based applications.
Quite frankly, it doesn’t need to. As more and more organizations migrate their line of business applications to private cloud providers, the organizations become less dependent on AD because the cloud provider generally houses the applications in a separate AD forest.
Don’t get me wrong, I love Active Directory. It has enabled me to have a successful career consulting the design and migration of large, complex environments. I’m sure I’ll miss the nights and weekends working with the Active Directory Migration Tool (ADMT) and the user profile mapping issues. (Or maybe not). In 2016, it’s time we stop planting our AD forests, at least in mid-size organizations.
There’s got to be a better way!
Let’s look at a typical mid-size business, a 200 employee manufacturing organization. They’ve migrated communications to the cloud with Office 365’s Exchange online. Document management has shifted from corporate file structures, to a combination of SharePoint online and OneDrive for business. They use Dynamics CRM and are running in Microsoft’s CRM public cloud offering (Microsoft CRM Online). Their ERP system and Warehouse Management System run in a private cloud. The only servers this organization has left are two Domain Controllers and a WSUS server, to handle the workstation updates.
At this point, Active Directory is almost pointless. It’s used for workstation authentication only. My recommendation is that this organization adopts Microsoft Windows Intune and leverage it for workstation management. Intune can control updates, local policies, and deploy company controlled applications.
But, what if Microsoft allowed you to control this via Azure AD also? Microsoft has already enabled authentication based on a Microsoft account (Hotmail, live.com or outlook.com email address). Redmond, if you are reading this, how long will it be until we can enable this in Azure AD? Once this development is released, it will truly be the end of an era for Microsoft’s Active Directory.