
Legacy Active Directory Environment

Kill the technical debt of your legacy Active Directory environment.

You are looking to lose your dependency on Active Directory (AD), and you need to tackle infrastructure technical debt, but there are challenges:

  • Legacy apps that are in maintenance mode cannot shed their AD dependency or have hardware upgrades made.
  • You are unaware of what processes depend on AD and how integrated they are.
  • Departments invest in apps that are integrated with AD without informing you until they ask for Domain details after purchasing.

Our Advice

Critical Insight

  • Remove your dependency on AD one application at a time. If you are a cloud-first organization, rethink your AD strategy to ask “why” when you add a new device to your Active Directory.
  • With the advent of hybrid work, AD is now a security risk. You need to shore up your security posture. Think of zero trust architecture.
  • Take inventory of your objects that depend on Kerberos and NTLM and plan on removing that barrier through applications that don’t depend on AD.

Impact and Result

Don’t allow Active Directory services to dictate your enterprise innovation and modernization strategies. Determine if you can safely remove objects and move them to a cloud service where your Azure AD Domain Services can handle your authentication and manage users and groups.


Legacy Active Directory Environment Research & Tools

1. Legacy Active Directory Environment Deck – Legacy AD was never built for modern infrastructure. Understand the history and future of Active Directory and what alternatives are in the market.

Build all new systems with cloud integration in mind. Many applications built in the past had built-in AD components for access, using Kerberos and NTLM. This dependency has prevented organizations from migrating away from AD. When assessing new technology and applications, consider SaaS or cloud-native apps rather than a Microsoft-dependent application with AD ingrained in the code.



Analyst Perspective

Understand what Active Directory is and why Azure Active Directory does not replace it.

It’s about Kerberos and New Technology LAN Manager (NTLM).


Many organizations that want to innovate and migrate from on-premises applications to software as a service (SaaS) and cloud services are held hostage by their legacy Active Directory (AD). Microsoft did a good job taking over from Novell back in the late 90s, but its hooks into businesses are so deep that many have become dependent on AD services to manage devices and users, when in fact AD falls far short of needed capabilities, restricting innovation and progress.

Despite Microsoft’s Azure becoming prominent in the world of cloud services, Azure AD is not a replacement for on-premises AD. While Azure AD is a secure authentication store that can contain users and groups, that is where the similarities end. In fact, Microsoft itself has an architecture to mitigate the shortcomings of Azure AD by recommending organizations migrate to a hybrid model, especially for businesses that have an in-house footprint of servers and applications.

If you are a greenfield business and intend to take advantage of software, infrastructure, and platform as a service (SaaS, IaaS, and PaaS), as well as Microsoft 365 in Azure, then Azure AD is for you and you don’t have to worry about the need for AD.

John Donovan
Principal Director, I&O Practice
Info-Tech Research Group

Insight Summary

Legacy AD was never built for modern infrastructure

When Microsoft built AD as a free component for the Windows Server environment to replace Windows NT before the demise of Novell Directory Services in 2001, it never intended Active Directory to work outside the corporate network with Microsoft apps and devices. While it began as a central management system for users and PCs on Microsoft operating systems, with one user per PC, the IT ecosystem has changed dramatically over the last 20 years, with cloud adoption, SaaS, IaaS, PaaS, and everything as a service. To make matters worse, work-from-anywhere has become a serious security challenge.

Build all new systems with cloud integration in mind

Many applications built in the past had built-in AD components for access, using Kerberos and NTLM. This dependency has prevented organizations from migrating away from AD. When assessing new technology and applications, consider SaaS or cloud-native apps rather than a Microsoft-dependent application with AD ingrained in the code. Ensure you are engaged when the business is assessing new apps. Stop the practice of the business purchasing apps without IT’s involvement; for example, if your marketing department is asking you for your Domain credentials for a vendor when you were not informed of this purchase.

Hybrid AD is a solution but not a long-term goal

Economically, Microsoft has no interest in replacing AD anytime soon. Microsoft wants that revenue and has built components like Azure AD Connect to mitigate the AD dependency issue, which is basically holding your organization hostage. In fact, Microsoft has advised that a hybrid solution will remain because, as we will investigate, Azure AD is not legacy AD.

Executive Summary

Your Challenge

You are looking to lose your dependency on Active Directory, and you need to tackle infrastructure technical debt, but there are challenges.

  • Legacy apps that are in maintenance mode cannot shed their AD dependency or have hardware upgrades made.
  • You are unaware of what processes depend on AD and how integrated they are.
  • Departments invest in apps that are integrated with AD without informing you until they ask for Domain details after purchasing.

Common Obstacles

  • Legacy applications can prevent you from upgrading servers or may need to be isolated due to security concerns related to inadequate patching and upgrades.
  • You do not see any return on investment in AD maintenance.
  • Mergers and acquisitions can prevent you from migrating away from AD if one company is dependent on AD and the other is fully in the cloud. This increases technical debt.

Info-Tech’s Approach

  • Remove your dependency on AD one application at a time. If you are a cloud-first organization, rethink your AD strategy to ask “why” when you add a new device to your Active Directory.
  • With the advent of hybrid work, AD is now a security risk. You need to shore up your security posture. Think of zero trust architecture.
  • Take inventory of your objects that depend on Kerberos and NTLM and plan on removing that barrier through applications that don’t depend on AD.
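The inventory step above (and the same advice in the Critical Insight list earlier on this page) names the two protocols but not how to find what still depends on them. The script below is an added example, not part of the Info-Tech deck: it lists every domain object that carries a Kerberos service principal name (each one is a Kerberos target some application relies on) and samples the Security log for logons that still use the NTLM package, which is the list of clients and apps to remediate before an application can be moved off AD. It assumes the RSAT ActiveDirectory module is installed, that it runs with rights to read the domain and the Security log (run it on a domain controller for a domain-wide NTLM view), and that the CSV output paths are placeholders.

```powershell
# Added example (not from the Info-Tech deck): inventory Kerberos and NTLM dependencies.
# Assumes RSAT ActiveDirectory module, read rights on the domain and the Security log.
Import-Module ActiveDirectory

# 1. Kerberos dependencies: any computer, user or service account with an SPN is a
#    Kerberos authentication target, so an application somewhere relies on it.
$spnObjects = Get-ADObject -LDAPFilter '(servicePrincipalName=*)' `
    -Properties servicePrincipalName, objectClass, lastLogonTimestamp |
    ForEach-Object {
        $lastLogon = $null
        if ($_.lastLogonTimestamp) { $lastLogon = [DateTime]::FromFileTime($_.lastLogonTimestamp) }
        foreach ($spn in $_.servicePrincipalName) {
            [pscustomobject]@{
                Name         = $_.Name
                ObjectClass  = $_.objectClass
                ServiceClass = ($spn -split '/')[0]   # e.g. HTTP, MSSQLSvc, HOST
                SPN          = $spn
                LastLogon    = $lastLogon             # stale objects are removal candidates
            }
        }
    }

# Which application protocols still lean on Kerberos, most common first.
$spnObjects | Group-Object ServiceClass |
    Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

$spnObjects | Export-Csv -Path '.\kerberos-spn-inventory.csv' -NoTypeInformation  # placeholder path

# 2. NTLM dependencies: logon events (4624) whose authentication package is NTLM.
#    Each row names an account and workstation that still authenticates with NTLM.
$since = (Get-Date).AddDays(-7)
$ntlmLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['AuthenticationPackageName'] -eq 'NTLM') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Account     = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
                Workstation = $d['WorkstationName']
                SourceIp    = $d['IpAddress']
                LmPackage   = $d['LmPackageName']     # 'NTLM V1' vs 'NTLM V2'
                LogonType   = $d['LogonType']
            }
        }
    }

# Summarise per account/workstation so the remediation list is short and actionable.
$ntlmLogons | Group-Object Account, Workstation, LmPackage |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

$ntlmLogons | Export-Csv -Path '.\ntlm-logon-inventory.csv' -NoTypeInformation  # placeholder path
```

Run the Kerberos half once to get the application inventory; run the NTLM half periodically and watch the count fall as applications are migrated, since a remaining NTLM V1 entry is both a migration blocker and a weak-protocol finding worth prioritising.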

Info-Tech Insight

Don’t allow Active Directory services to dictate your enterprise innovation and modernization strategies. Determine if you can safely remove objects and move them to a cloud service where your Azure AD Domain Services can handle your authentication and manage users and groups.

The history of Active Directory

The evolution of your infrastructure environment

From NT to the cloud

Timeline milestones: AD 2001 → Exchange Server 2003 → SharePoint 2007 → Server 2008 R2 → BYOD Security Risk → All in Cloud 2015
  • Active Directory replaces NT and takes over from Novell as the enterprise access and control plane.
  • With slow WAN links, no cellphones, no tablets, and very few laptops, security was not a concern in AD.
  • In 2004, email becomes business critical.
  • This puts pressure on links, increases replication and domains, and creates a need for multiple identities.
  • Collaboration becomes pervasive.
  • Cross domain authentication becomes prevalent across the enterprise.
  • SharePoint sites need to be connected to multiple Domain AD accounts. More multiple identities are required.
  • Exchange resource forest rolls out, causing the new forest functional level to be a more complex environment.
  • Fine-grained password policies have impacted multiple forests, forcing them to adhere to the new password policies.
  • There are powerful Domain controllers, strong LAN and WAN connections, and an increase in smartphones and laptops.
  • Audits and compliance become a focus, and mergers and acquisitions add complexity. Security teams are working across the board.
  • Cloud technology doesn’t work well with a complicated, messy AD environment. Cloud solutions need a simple, flat AD architecture.
  • Technology changes after 15+ years. AD becomes the backbone of enterprise infrastructure. Managers demand to move to the cloud, building complexity again.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.


Author

John Donovan
