Active Directory (AD) is Microsoft’s on-premises solution for managing network access, including user logins, profiles, hierarchies, and devices. It’s been an industry standard for over twenty years. Most organizations currently using Microsoft Office are also using Active Directory.
Azure – the company’s SaaS product for building and managing Microsoft solutions in the cloud – was released in 2010, with Azure AD being the cloud counterpart to Active Directory. Since then, IT peeps have been wondering if Azure AD will eventually render the OG AD obsolete.
Is Azure AD an exact cloud replica of Microsoft Active Directory? Or is it something different altogether? Let’s take a look at both solutions and see if Azure AD is actually capable of replacing the on-premise version.
Active Directory (AD) vs. Azure AD
As the name implies, Active Directory is an on-premise database directory that acts as a detailed catalog of every computer, printer, laptop, server, application, group, and user linked to an organization’s network. Using a domain controller, Kerberos, NTLM, and LDAP, Active Directory monitors and authenticates sign-ins and access levels for all employees.
Azure AD is a cloud version of Microsoft AD used to authenticate logins for cloud applications, and it allows single sign-on access to other commonly used SaaS apps such as Slack and Salesforce. However, Azure AD is not a domain controller, so it does not have the full capability of the original Active Directory. Servers cannot be added to Azure AD. There is no group policy function in Azure AD. No support is available for Kerberos, LDAP, or NTLM. You can synchronize your current on-premise AD to Azure AD, but there isn’t a migration path from one to the other.
Azure AD can work in tandem with Microsoft AD to manage access to SaaS and other cloud applications, but it cannot handle your on-premise operations. The exception would be a business that uses cloud-based applications exclusively and has no real on-premises operations (i.e., the entire workforce is remote). In that case you could get away with just using Azure AD.
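Before deciding whether a fleet can live on Azure AD alone, it helps to know which directory each Windows device actually depends on. The following PowerShell is an added example, not code from the original post: it parses the output of the built-in `dsregcmd /status` tool (the `DomainJoined` and `AzureAdJoined` fields it prints) and classifies the device as on-premises-only, Azure AD-only, or hybrid. The sample output embedded at the bottom is constructed so the function can be exercised offline; the function name `Get-JoinState` is this example's own.

```powershell
# Added example (not from the original post): classify a Windows device's
# identity join state from `dsregcmd /status` output, to see whether it
# still relies on an on-premises domain controller, on Azure AD, or on both.
# Assumption: the field names "DomainJoined" and "AzureAdJoined" as printed
# by dsregcmd /status on Windows 10/11.

function Get-JoinState {
    param(
        # Raw text from `dsregcmd /status`; omit it to query the local machine.
        [string]$StatusText
    )

    if (-not $StatusText) {
        $StatusText = (dsregcmd /status) -join "`n"
    }

    # Collect "Name : VALUE" pairs; the two fields we care about have no spaces
    # in their names, so a simple regex is enough.
    $fields = @{}
    foreach ($line in ($StatusText -split "`n")) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(\S+)') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $domainJoined = $fields['DomainJoined'] -eq 'YES'
    $azureJoined  = $fields['AzureAdJoined'] -eq 'YES'

    if ($domainJoined -and $azureJoined) {
        return 'Hybrid: on-premises AD joined and registered in Azure AD'
    }
    elseif ($domainJoined) {
        return 'On-premises AD only: this device needs a reachable domain controller'
    }
    elseif ($azureJoined) {
        return 'Azure AD only: cloud identity, no domain controller dependency'
    }
    else {
        return 'Not joined to either directory (workgroup device)'
    }
}

# Constructed sample of the relevant part of `dsregcmd /status` output.
$sampleStatus = @"
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
"@

Get-JoinState -StatusText $sampleStatus   # reports the hybrid case
Get-JoinState                            # queries the machine it runs on
```

Run across an inventory (for example through a remoting session per host), the returned strings give a quick count of how many devices would lose authentication if the last domain controller were decommissioned, which is the practical question behind "can Azure AD replace AD here".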
So, can Azure AD fully replace the on-premise version?
The short answer is no. Not yet anyway. Azure AD is not actually a cloud replica of the original.
“Replace” is the key word here – it is possible to replace on-premises AD with Azure AD as long as you don’t have legacy applications that require a local domain controller. It’s also possible to replace some Group Policy functionality with Microsoft Intune. In many cases, when a company goes through a divestment (splitting into multiple, separate companies), the new environments can be Azure AD only, as they can be set up as greenfield and don’t need to bring forward the on-premise infrastructure. There are also scenarios where it’s desirable to move away from on-premise infrastructure, and Microsoft 365 and Azure AD allow you to do that.
Until you can go 100% cloud, your best bet is to use the two solutions together to handle access-management for both cloud and on-premise applications.