Microsoft released Active Directory with Windows 2000 Server. It has been around for almost 24 years, and today roughly 90% of companies worldwide use it. “But AD is dead”, “It’s going away!”, both things I have heard frequently this past year. It isn’t dead yet, and from where I sit, it isn’t going anywhere, anytime soon.
Microsoft recently announced that Windows Server vNext would include several enhancements for AD DS and AD LDS (Active Directory Lightweight Directory Services), including a new functional level, a larger database page size, and security improvements. I will save the specifics for another post.

But is AD dead? In my humble opinion, no. Aside from the broad use of AD world-wide, I’d like to suggest other reasons it will be around for quite some time.
The obvious reason is applications. Many software vendors still provide instructions stating that Domain Admin is required for installation. This is rarely true; vendors simply don’t document the specific permissions that are actually necessary. What the installer usually needs is a keytab file (which a Domain Admin can generate separately) and local admin access on the application server (by default, domain-joined systems add the Domain Admins group to the local Administrators group). In short, “requires Domain Admin” is a simple way to guarantee the installer has enough permissions without working out the granular details of what the software actually requires. The cost of that shortcut is that whatever the installer configures, including service accounts and stored credentials, tends to inherit far more privilege than it needs.
A less obvious reason that I experienced first-hand in a previous role, also application related, is there are tons of old, sometimes barely maintained applications that have no ability to authenticate against Azure AD (now Entra ID), let alone integrate with AD natively, and rely solely on poorly implemented LDAP binds. LDAP itself is fine and has its place, but that communication needs to be secured as well (LDAPS, or at a minimum signed and channel-bound LDAP), because a simple bind over cleartext LDAP sends the password across the network in the clear.
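The following PowerShell is an added example, not code from the original post, showing how the two things a “Domain Admin required” installer usually needs (a keytab and local admin on the app server) can be provided without giving the installer Domain Admin. The domain CORP.EXAMPLE.COM, the server APP01, the service account svc-app, the SPN HTTP/app.corp.example.com and the installer account CORP\app-installer are all placeholders; only step 1 and step 2 need Domain Admin (or delegated rights), and they are run once by an administrator, not by the vendor’s installer.

```powershell
# Added example (not from the original post): satisfy a vendor's "Domain Admin required"
# install without handing out Domain Admin.
# Assumptions (placeholders): domain CORP.EXAMPLE.COM, app server APP01, service
# account svc-app, SPN HTTP/app.corp.example.com, installer account CORP\app-installer.
# Steps 1-2 run as a Domain Admin (or delegated account admin); steps 3-4 as a local admin.

#Requires -Modules ActiveDirectory

$Domain     = 'CORP.EXAMPLE.COM'
$AppServer  = 'APP01'
$SvcAccount = 'svc-app'
$Spn        = 'HTTP/app.corp.example.com'
$Installer  = 'CORP\app-installer'   # the account that will actually run setup.exe

# 1. Create a dedicated service account that holds only the SPN the application needs.
#    This is the only step that needs rights to create accounts in the domain.
New-ADUser -Name $SvcAccount -SamAccountName $SvcAccount `
    -UserPrincipalName "$SvcAccount@$($Domain.ToLower())" `
    -AccountPassword (Read-Host -AsSecureString 'Initial service account password') `
    -KerberosEncryptionType AES256 -PasswordNeverExpires $true -Enabled $true
Set-ADUser -Identity $SvcAccount -ServicePrincipalNames @{Add = $Spn}

# 2. Generate the keytab the vendor asks for. ktpass resets the mapped account's
#    password to the value entered at the /pass * prompt (and by default rewrites its
#    UPN to the principal), so run it once, right after account creation, and hand
#    only the resulting keytab to whoever performs the install.
ktpass /princ "$Spn@$Domain" /mapuser "CORP\$SvcAccount" /pass * `
    /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /out "$env:TEMP\app.keytab"

# 3. See what "local admin" really means on the app server: by default Domain Admins
#    is a member of the local Administrators group, which is why installs run as DA work.
Invoke-Command -ComputerName $AppServer -ScriptBlock {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

# 4. Grant the installer account local admin on APP01 only, not Domain Admin.
Invoke-Command -ComputerName $AppServer -ArgumentList $Installer -ScriptBlock {
    param($Account)
    $already = Get-LocalGroupMember -Group 'Administrators' -Member $Account -ErrorAction SilentlyContinue
    if (-not $already) {
        Add-LocalGroupMember -Group 'Administrators' -Member $Account
    }
}
```

After the install, remove the installer account from the local Administrators group again and verify that the application runs under svc-app rather than whatever account performed the setup; if the vendor’s documentation cannot say which rights it needs, the post-install service configuration will tell you.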
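As an added example (not from the original post), the PowerShell below tests whether a domain controller still accepts a cleartext LDAP simple bind on port 389 and compares it with the same bind over LDAPS on 636, validating the DC certificate rather than blindly trusting it. The DC name dc01.corp.example.com and the read-only bind account CORP\svc-ldap-ro are placeholders; the script uses the System.DirectoryServices.Protocols classes that ship with Windows PowerShell 5.1.

```powershell
# Added example (not from the original post): check how a legacy app's LDAP bind is
# actually protected. Assumptions (placeholders): DC dc01.corp.example.com and a
# read-only bind account CORP\svc-ldap-ro. Windows PowerShell 5.1+.

Add-Type -AssemblyName System.DirectoryServices.Protocols

$Dc      = 'dc01.corp.example.com'
$Cred    = Get-Credential -UserName 'CORP\svc-ldap-ro' -Message 'LDAP bind password'
$NetCred = $Cred.GetNetworkCredential()

function Test-LdapSimpleBind {
    param(
        [string]$Server,
        [int]$Port,
        [bool]$UseSsl,
        [System.Net.NetworkCredential]$Credential
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind, as legacy apps do
    $conn.SessionOptions.ProtocolVersion = 3
    if ($UseSsl) {
        $conn.SessionOptions.SecureSocketLayer = $true
        # Validate the DC certificate chain. A callback that just returns $true is the
        # common mistake that makes "LDAPS" meaningless against an on-path attacker.
        $conn.SessionOptions.VerifyServerCertificate = {
            param($connection, $certificate)
            $cert2 = [System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $ok = $chain.Build($cert2)
            if (-not $ok) {
                Write-Warning ("Certificate chain failed: " + (($chain.ChainStatus | ForEach-Object Status) -join ', '))
            }
            return $ok
        }
    }
    try {
        $conn.Bind($Credential)
        return "OK: simple bind to ${Server}:${Port} (SSL=$UseSsl) succeeded"
    } catch [System.DirectoryServices.Protocols.LdapException] {
        return "FAIL: ${Server}:${Port} (SSL=$UseSsl) -> $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
}

# A cleartext simple bind on 389 sends the password in the clear. On a DC with
# "Domain controller: LDAP server signing requirements" set to Require signing this is
# refused (stronger authentication required). If it succeeds, the DC is still accepting
# cleartext credentials from any legacy application on the network.
Test-LdapSimpleBind -Server $Dc -Port 389 -UseSsl $false -Credential $NetCred

# The same bind over LDAPS (636) is what those applications should be configured to use.
Test-LdapSimpleBind -Server $Dc -Port 636 -UseSsl $true  -Credential $NetCred
```

Before flipping the DC to require signing, find the applications that would break: with the Directory Service diagnostic level “16 LDAP Interface Events” set to 2, each cleartext simple bind is logged as Directory Service event 2889 with the client IP and bind identity, which gives you the inventory of legacy LDAP clients to move to LDAPS.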
One reason few may think about is simply cloud connectivity. First, the cloud is awesome for many workloads. There are things that belong in the cloud: websites and email, just for starters. However, think about manufacturing workloads. Does it really make sense to have a manufacturing facility depend on connectivity to the cloud? Automate the production of parts for a vehicle, absolutely. Move that automation to the cloud? How well is that going to work when the facility’s connection goes down? A good example of why this isn’t good: a company decides to build a new IT facility, and the local electric utility accidentally damages an underground fiber optic connection while doing work to deliver services to a customer. While you may believe that this isn’t likely, I can reference multiple instances of this happening. A local cellular tower near me was out of service for months because a contractor doing work nearby cut the electric service to the tower with a backhoe.
Again, cloud is good for many things, but not all.
The list of reasons why AD will continue to be around is long. There are always going to be legacy applications and workloads, cost limitations, and protocol challenges for which AD is still a viable solution. This doesn’t begin to address the challenges of migrating applications and services to the cloud. For many companies, this is a very large and complex task. I am also aware of a couple of organizations who brought all their cloud applications back on-prem, including AD, for the cost alone. On-prem turned out to be cheaper.
In the end, while I have no way to predict how long Active Directory will be around, it won’t be going away anytime soon, and any chance of it actually going away will come with years of notice.