What is AD?

On this site AD stands for Microsoft’s Active Directory, a directory service / authentication mechanism installed on many networks around the world. I am referring to the traditional on-premise AD, not Azure’s cloud-based version. The terms AD and Active Directory will be used interchangeably on this site.

If you are not familiar with Active Directory – also called Active Directory Domain Services – have a look here, where it is explained by its creator, or check out this 30,000-foot overview.

Why retire it?

Because it’s a technology 20 years in the works, designed primarily to control access to on-premise network resources, that struggles to integrate into the cloud-based world in order to enable employees who work from anywhere.

So what’s the big deal about getting rid of it?

For starters, Active Directory has been the de facto standard for directory services and authentication in the IT world for the last 20 years. As such it is deeply integrated into many corporate networks, controlling user access to resources like file servers, email or database applications. It is intertwined with many third-party systems and software that have made their way into the network over the years. (Corporate) computer users (as well as IT personnel sometimes) often only realize the amount of dependency on Active Directory when something goes wrong with it or it becomes unavailable.

Removing it is somewhat equivalent to pulling out a 20-year-old tree whose roots are entangled with all kinds of other plants in your yard and possibly even the neighbor’s property.

Or, on a personal level, think of changing your name and contemplate how this would affect access to all your current possessions, savings, etc. as well as the necessary changes to your official documents and the associated paper trail.

Who is this for?

Anyone who is interested. When I started to contemplate the removal of Active Directory from our corporate network I did not find much information in terms of real-world examples at the time. Maybe I did not look well enough (very possible), but I also wanted to put my experiences down, so it might be helpful to somebody else. And at the very least it’s a blogging and learning experience for myself.

The blog part of this site is the chronological documentation of the steps our IT team of 2 has taken to remove Active Directory from a network of 60 users, along with insights, results as well as some setbacks during the process.

What this is not

This site is not about convincing anyone to remove Active Directory from their network. Nor does it make any claims, and it is not a guideline on how to remove Active Directory. It also does not question anyone else’s thoughts or beliefs about AD.

I also did not create this site to start a discussion about whether removing Active Directory is right or wrong – that’s up to the stakeholders of their respective network. It is in many cases not even possible to remove AD, depending on the services and resources that depend on AD.

Last but not least, this site is not about questioning the role or importance of Active Directory in general or the role it plays in your or your organization’s network. Active Directory has a proven track record and is still an indispensable tool and foundation for many networks.