Is Active Directory Domain Services dead?
Yes… and, well, no…
In the age of Cloud everything, Active Directory Domain Services (ADDS) can feel like an anachronism. It’s on-premises, requires workarounds to connect to anything cloud-based, and comes from a time when everyone worked in the same office.
But…
We live in the real world, and the old saying ‘if it ain’t broke don’t fix it’ applies. There are literally thousands of applications and services in use today that depend on ADDS. Not only depend on it – many do not work with any other identity provider!
As always, the internet has strong views on this, and a few days ago there was an interesting thread on reddit.com/r/msp (https://www.reddit.com/r/msp/comments/r3gzrk/is_onprem_adds_dead/).
The arguments for ‘it’s dead’:
It’s clearly the direction MS is going. And there are many clients (on the smaller size) which are just fine with AAD only. But I’d say it does not currently offer a complete replacement.
Assess intelligently.
User Wasabiiii rightly points out that this is the way Microsoft is heading. Azure Active Directory has been a mature product with a lot of capability for a long time now. In the SMB world (especially for businesses starting from scratch) going Azure AD only makes sense.
SharePoint Online is that replacement. My current job is going through a replacement of all file servers globally for SPO. For my client, I have them using SPO explicitly since they are completely cloud via AAD.
User g1ng3rbreadMan calls out that in a smaller environment (and some larger ones) the real use case for ADDS is local file shares. With SharePoint Online and OneDrive this is less relevant for a lot of use cases.
We’re a mid sized MSP and over 80% of our client base is on Azure AD.
Not saying there is no use for on-prem ADDS, but its use cases are slowly getting less and less. If you’re not adopting Azure AD you’re really missing out and are sticking to old solutions.
User Refuse_ makes the case that the use cases are decreasing day by day. Active Directory Domain Services is legacy and, while still used, will fade.
The arguments for ‘no’:
Heavens no. There are still tons of Active Directory integrated LOB apps that need to be on premise. Some environments can run with pure AAD, some as a hybrid AAD and ADDS, and for some it only makes sense to run pure ADDS. Every environment needs to be evaluated individually.
User HappyDadOfFourJesus calls out LOB apps. While it’s true that many are moving to SaaS versions or adding support for more forms of identity management, there are thousands that are not. In fact, there are hundreds of apps that are end of life, whose creators have gone bust, and that are still used by thousands of companies in production today.
The thing you’re going to quickly learn starting an MSP is that whilst the industry has a “everyone is on Windows 10, Server 2019, hosted in Azure” position, half the businesses you walk into are running Windows 2012 servers. There will be Windows 2008 still in production. There will be Windows 7 desktops they call “critical”. There will be key business applications that have requirements like “Requires SMBv1”.
User disclosure5 rightly calls out the difference between the vendor position and the real world, where software and machines hang around for (a lot) longer than vendors recommend. If your business isn’t IT and it’s working, why would you change? Gradual modernisation is the watchword here, and Active Directory Domain Services is a key requirement.
I’m in the process of converting two customers from on-prem to cloud-only. This only works for them for a few reasons.
They no longer have any need for on-prem LOB applications. They have all been migrated to the cloud, or removed.
They have a dispersed staff, with no real need for centralized offices.
Their application stack is light enough that the cloud-native versions don’t balloon their IT budget to 3x their on-prem.
For all of my other clients, we are still supporting and installing on-prem infrastructure, and that’s not changing any time soon.
User BrushaTeef calls out cost as a factor. For many organisations, moving to the cloud and Azure AD isn’t just about ADDS, it’s about everything. If your LOB application stack is on-premises and largely paid for, moving towards a pure-play SaaS stack can be a big change in cost structure.
The entire thread is worth a read here: https://www.reddit.com/r/msp/comments/r3gzrk/is_onprem_adds_dead/
So what do we think?
Azure AD and similar cloud identity providers are clearly the future. However, like everything that is ‘the future’, what is the past (ADDS) will still be around for a long, long time to come.
If you are starting out as an MSP, or advising customers who are just starting out, investing in the cloud is the right way to go. As you grow and the customers you bring on get larger, you will find that ADDS is required, and you will need the skills to manage both types of customer and environment, as well as hybrid ones.
Atria can help with this by providing a single portal, with a single UI and process experience, that manages on-premises Active Directory, cloud Azure AD and hybrid customers. This means your helpdesk has one process to follow and one place to do it, no matter the back-end setup. Easy, fast, and they don’t need to know the complexities of every environment.
Learn more here: AD Management page