Is local AD still needed when moving to the cloud?
Active Directory (AD) is the directory service that holds user accounts, computers and other resources in a computer network. With a traditional AD, local servers control the directory, while Azure AD is a cloud-based equivalent. As more and more organizations choose to migrate their IT environment to the cloud, the question arises: is a local AD really necessary?
Local AD and Azure AD
In a traditional AD, local servers control the directory, for example access to user accounts. Administering this requires IT technicians to configure and maintain your AD, either an internal IT resource or external consultants. Azure AD is also an Active Directory, but the servers are managed by Microsoft, which means that no internal IT expertise or local equipment is required.
For all Office 365 users, objects are created in Azure AD. This means that if your organization already has a traditional AD in the on-premises environment and also uses Office 365, Azure AD objects are created for the same user accounts that already exist on the on-premises AD. This creates two parallel directories - one that controls the cloud services and one that controls the on-premises services. In order for these two directories to coexist, Azure AD Connect allows you to connect the environments. The local environment then sends information about the objects to Azure AD so that the directories are kept in sync.
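A practical check of that sync relationship, as an added example that is not part of the original article: the script below asks the Azure AD Connect server whether sync cycles are actually running (if they stop, a disabled or deleted local account stays active in the cloud), then uses Microsoft Graph to show how many accounts are still sourced from local AD versus cloud-only. It assumes the ADSync module (installed with Azure AD Connect) and the Microsoft.Graph.Users module are available and that the signed-in account has User.Read.All; the staleness threshold is a constructed value.

```powershell
# Added example, not code from the article or from WeSafe.
# Run on the Azure AD Connect server; assumes ADSync and Microsoft.Graph.Users modules.
Import-Module ADSync
Import-Module Microsoft.Graph.Users

$MaxSyncAge = [TimeSpan]::FromDays(30)   # assumed threshold; the default sync cycle is 30 minutes

# 1. Is the scheduler running sync cycles at all?
$sched = Get-ADSyncScheduler
if (-not $sched.SyncCycleEnabled -or $sched.SchedulerSuspended) {
    Write-Warning "Sync cycle is disabled or suspended: changes made in local AD (including disabled accounts) are not reaching Azure AD."
}
if ($sched.StagingModeEnabled) {
    Write-Warning "This server is in staging mode: it imports but does not export to Azure AD."
}
Write-Output ("Next sync cycle (UTC): {0}, interval: {1}" -f $sched.NextSyncCycleStartTimeInUTC, $sched.SyncCycleInterval)

# 2. Show any connector run that is currently busy, which may indicate a stuck cycle.
Get-ADSyncConnectorRunStatus | Format-Table -AutoSize

# 3. From the cloud side: which accounts still depend on local AD (the "two parallel directories")?
Connect-MgGraph -Scopes "User.Read.All" -NoWelcome
$users = Get-MgUser -All -Property Id,UserPrincipalName,OnPremisesSyncEnabled,OnPremisesLastSyncDateTime,AccountEnabled

$synced    = @($users | Where-Object { $_.OnPremisesSyncEnabled -eq $true })
$cloudOnly = @($users | Where-Object { $_.OnPremisesSyncEnabled -ne $true })
Write-Output ("Synced from local AD: {0}   Cloud-only: {1}" -f $synced.Count, $cloudOnly.Count)

# OnPremisesLastSyncDateTime records the last time the object was written from local AD.
# A very old value on an enabled account is worth a look (it may simply be unchanged, or sync may have broken).
$stale = @($synced | Where-Object {
    $_.AccountEnabled -and $_.OnPremisesLastSyncDateTime -and
    (((Get-Date).ToUniversalTime() - $_.OnPremisesLastSyncDateTime) -gt $MaxSyncAge)
})
if ($stale.Count -gt 0) {
    Write-Warning ("{0} enabled synced account(s) not updated from local AD within {1}:" -f $stale.Count, $MaxSyncAge)
    $stale | Select-Object UserPrincipalName, OnPremisesLastSyncDateTime | Format-Table -AutoSize
}
```

The synced count is also the size of the dependency on local AD that a phase-out plan has to work through.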
Local AD can slow down development
As with all cloud services, Microsoft is rolling out a variety of features for Azure AD. The value provided by these added features for Azure AD can never be realized in your on-premises AD server because it is static and does not support them. In the long run, this will be a hindrance to your own development as Azure AD develops as its own ecosystem.
In essence, there is nothing that prevents a phase-out of your traditional AD, but since Azure AD does not control rights locally, you still need a traditional AD as long as you have data stored on file servers and other local resources. When your data is fully in the cloud, however, the rights will be controlled entirely from your Azure AD. In this way, a traditional AD will eventually not be needed and therefore more people should work on a strategy to eventually phase out their traditional AD.
Why your local AD should be phased out
So why should local AD be phased out? Well, because someone has to be responsible for operations, maintenance, upgrades and so on. Local AD simply requires an administrative resource that Azure AD does not. In addition, an on-premises AD means that you are holding back the digital development of your business and opportunities for increased productivity.
Often this is a gradual process that requires a technical review of the barriers to moving fully to Azure AD and the impact on users and the environment. Some applications may have to run on a local server because they are not yet compatible with the cloud. Many organizations will therefore need on-premises AD for some time because, for example, they have a business system that is not yet cloud-based.
In the past, phasing out traditional AD has been met with resistance, especially from IT departments who have seen it as a security risk. But with new security services being developed in the cloud, more and more people are being pushed towards migrating their Active Directory to take advantage of new security solutions that are not even available locally.
In collaboration with you as a customer, we at WeSafe identify the functional needs that exist and match them with the services available in the cloud versus what you have today. Then we develop a plan to move gradually and connect devices to Azure AD instead of local AD. It is a process that takes place in different steps and is primarily about strategically positioning yourself so that you can quickly move to working fully in the cloud when you are ready for it.
Want to know more? Get in touch with us!