I know that the utter mention of this will have technology experts and engineers stand and take a position on this.
Recently I was asked by a Business investor on whether they should invest in a company that specialises in automating the task of moving profiles and data off machines onto other machines seamlessly.
It made me think about the future of user profiles and where things are going in the world of domain profiles and group policies and what the world will look like in 5 years’ time. What would the de facto operating model look like based on the current speed of advancements in the cloud space?
I come from the Novell days of NDS and have seen Microsoft take a complete strangle hold on that market for the best part of my career and cannot see that changing shortly. There are no official statistics that I could find but we can rest assured that the majority of organisations worldwide use AD.
With the release of Azure AD, are things slowly changing and Microsoft just building up their capabilities in the cloud to slowly force organisations to move to the cloud?
With technologies like Microsoft Intune and conditional access and the ability to push policies to mobile devices and Windows 10 devices to control the user and device behaviour, is that not group policies in the cloud?
What about Enterprise state roaming that allows user settings to roam with their devices, is that not an early indication of the death of on premises roaming profiles which were the bane of all NT system administrators lives?
Under Microsoft’s cloud based AD premium subscription service in conjunction with Microsoft Intune and Windows 10, you can even join a machine to the domain without the machine even being physically on the same network as your on premises Active Directory controller.
Microsoft even released a short while back Domain services where you can stand up virtual servers in the cloud and allow it to join to a Domain service to a function which talks to our on premises domain controllers.
Ok, for you on-premises purists the functionality is limited in comparison, but did you not say that about Exchange online? And do Business leaders care that you cannot do this functionality or not run this PowerShell script?
Some organisations will simply shy away from wanting to move their user accounts and computers into the cloud. Well, that’s what I thought, but in came AD sync which is now known as AD connect and user account details can be synched to the cloud tenant albeit their passwords which are reverse hashed. Only recently Microsoft allowed the use of more dynamic group memberships in the Azure tenant as well.
I would say that Active directory is here to stay in the short term especially for larger enterprises that have complex inter dependencies such as multi forest domains. However, it would be a wise move for existing IT professionals to start understanding how Azure AD works since that’s the way things are moving in my opinion.
I can quite easily see Microsoft detangling on premises active directory to the extent that the main primary authentication service will be Azure AD and the likelihood of a local on premises relay or read only domain controller working in a hybrid fashion.
For smaller business, it’s a no brainer, in my opinion, to move their authentication into the cloud and to leverage enhanced authentication methods such as Multi factor authentication and the great machine learning capabilities within AD premium.
In summary, I believe Active Directory is here to stay for the foreseeable future especially amongst larger enterprises. Though I would not be surprised with Microsoft slowly putting in more features and capabilities to Azure AD as a slow and subtle way for organisations to get used to the idea of managing their identities and devices in the cloud.
As we know the great advantage of the cloud is that innovation and enhancements happen much faster than on premises technologies. So the emphasis will be on Microsoft’s part to innovate and grow in the cloud space than on on-premises technologies.
Interested to hear your views on this development.