Why It’s Time to Break Up with Active Directory

Do you still use a cell phone designed in 1999? Would you risk letting your teenager drive a 20-year-old car with 20-year-old airbags? Probably not.

In an era of innovation and disruption, leading companies pride themselves on constantly adopting new and better technologies. So why is it that some of those same enterprises continue to rely on Microsoft’s 20-year-old Active Directory (AD)? You deserve better than Active Directory. Here’s why.

Thinking back to when we first met

Active Directory was first launched as a capability of Windows 2000 Server, and has underpinned Windows Server and Microsoft Exchange ever since. AD was designed to simplify access between Windows servers, desktops, and Microsoft business apps, providing easy access for file shares, printers and applications like SharePoint. While often tricky to implement, scale and support, AD allowed IT admins to easily manage permissions between Microsoft operating systems. It also offered a central directory for many corporate applications, storing user and device information such as passwords and email addresses. The problem is that AD was designed and optimized to work chiefly with Microsoft environments. This continues to this day, limiting your ability to support the modern IT workplace.

In today’s enterprise, the digital environment is more diverse than ever. Where AD used to be at the center of the enterprise with mostly Microsoft solutions, organizations now interact with countless new technologies and devices. These interactions must also safely extend access to contractors, partners and customers. Active Directory simply hasn’t evolved enough to keep up.

It’s not you—it’s AD

More and more organizations are adopting best of breed cloud applications like Salesforce, Slack, Zoom and Box. While AD works great with Microsoft services, this change in the IT landscape is causing problems in terms of access management. As users demand access to a broader set of applications, they need a new way to securely connect to those applications, whether at work or on the go.

Active Directory was built to operate in environments with Windows-based PCs on desktops and Windows servers, all connected through a private corporate network. But today’s enterprise consists of laptops moving between networks with ease, and smartphones that are rarely connected to the corporate WiFi. File servers today are no longer traditional server message block (SMB) shares. Instead, services like Box and Google Drive allow for cloud-based storage with improved collaboration features.

Another area where AD traditionally held importance was printer networking. But with the reduced need for printers in the modern workplace, along with the increased capabilities of modern printers (built-in WiFi, access controls, on-board print server, etc.), AD is no longer a requirement for optimal printer management.

In essence, where the enterprise has expanded, AD has remained static. Consequently, support for many of these new use cases requires more Microsoft software (such as Active Directory Federated Services (ADFS), Microsoft Identity Manager (MIM), or Active Directory Access Manager (ADAM)) and/or third-party add-ons. The same goes for adding even a few cloud-based applications—AD requires extra software and complex network connectivity. It also requires key components of authentication to remain in your on-premises environment, when the goal for modern companies should be to embrace cloud infrastructure.

Building more on-premises servers increases the burden for IT teams and opens the door to security vulnerabilities. To make matters worse, AD was designed around the concept of domains and trusts with organizational units. So, as businesses grow and acquire new companies, AD is becoming a sprawling burden of servers, requiring further software investments to manage them all.

All of these problems result in extra costs such as maintaining the AD infrastructure, extra software required to manage it all, resource costs, and time spent by the IT organization. These costs have spurred IT teams to happily move apps into the cloud, enjoying huge reductions in time and money.

The evolving IT ecosystem is moving on

Growing cloud adoption over the last decade has led organizations to rethink how they tackle identity, authentication, security, and access. AD’s primary functions have been replaced by modern HRMS, IDaaS, and Enterprise Mobility Management solutions and, while IT still spends huge amounts of time trying to maintain it, several industry trends are chipping away at its hold over the enterprise.

As Apple and Android devices increasingly dominate the marketplace, modern businesses have no choice but to support bring-your-own-device (BYOD) policies. So IT has to manage all types of devices, from tablets and smartphones to smartwatches—none of which can be natively managed in AD.

Today’s enterprises are made up of more virtual, remote, and contract workers than ever before, increasing the complexity of the user accounts and devices they need to manage. Yet the types of accounts companies manage go well beyond employees and third parties accessing internal applications. More and more businesses are managing identities for their customers using new web-based technologies, which struggle to integrate with the old protocols exposed by AD. Businesses are also employing developers who expect to use web-based REST APIs to interact with the services underlying their applications, something AD does not support.

You don’t need AD to succeed

AD is a thing of the past—that’s clear. The good news? There are modern alternatives that can help your business meet its forward-thinking efforts. Shifting to a cloud-based identity platform will revolutionize your authentication and authorization processes, and transform the way your business manages users and devices.

Eliminating your reliance on AD can significantly improve your company’s technology infrastructure, increase agility, productivity, and scalability while reducing operational costs and freeing up IT resources. So, it’s time to break up with AD. In the weeks ahead, we’re going to explain exactly what you gain from minimizing or eliminating AD, the most efficient way to do that, and all the steps to start your journey.

To learn how Okta can help your business move away from the limitations of Active Directory, download our eBook, Rethink Active Directory.