Directories are hierarchical structures that store information about objects on a network. In the generic sense a directory is a comprehensive listing of objects: a phone book is a directory that stores information about people, businesses and government organizations, typically recording names, addresses and phone numbers.
Today we look at the major differences between Active Directory and Azure AD: their features, advantages and disadvantages.
What is Active Directory?
Active Directory (AD) is the Microsoft directory service used to manage users, systems and other devices on a network. It is a core feature of the Windows Server operating system and runs on domain controllers, whether those sit on premises or in a hosted data centre. Every AD object is either a container or a leaf.
- Container objects hold other objects and group them into collections, e.g. forests, trees, domains and organizational units (OUs).
- Leaf objects cannot contain other objects, e.g. users, computers, printers and scanners.
Features of Active directory
- Hierarchical arrangement that mirrors the organization's structure
- Centralized authentication for all users, and multi-master replication that lets the directory be read and modified from any writable domain controller (multiple points of administration; note that every writable DC holds a full copy of the credential database and is therefore a tier-0 asset)
- Single point of access to network resources, providing information about user objects, computers and services in the network
- Management of user accounts and resources from a GUI, with Group Policy applying settings consistently across the network
- Information stored in a secure database (NTDS.dit), with tools to search and manage the directory and its objects
- Trust relationships with external forests, with domains running earlier versions of Active Directory, and even with non-Windows Kerberos realms (such as MIT Kerberos on Unix-like systems) through realm trusts
What is Azure AD?
Azure AD (now named Microsoft Entra ID) is Microsoft's multi-tenant, cloud-based directory and identity management service. It lets employees sign in to multiple services and access them from anywhere with a single set of credentials.
Azure AD provides two fundamental services: authentication and authorization for users attempting to access the devices, data, applications and other resources in the IT ecosystem.
Authentication validates the identity of an entity. Traditionally this is done by supplying a user name and password; multi-factor authentication (MFA) may also be enforced, such as a one-time code sent to a phone, an authenticator app prompt or a fingerprint.
Authorization determines whether an authenticated entity is allowed to access a resource or perform a specific task, based on its permissions.
Features of Azure AD
- Self-service password reset and self-service device registration
- Self-service group management
- Easy integration with third-party SaaS applications through standard federation protocols
- Strong authentication (MFA, passwordless) and Conditional Access policies that gate sign-in on user, device, location and risk signals
Difference between Active directory & Azure AD
The key differences between the AD and Azure AD are:
Communication
- AD: Clients query the directory over LDAP (Lightweight Directory Access Protocol), ideally LDAPS or LDAP with signing and channel binding enforced; authentication traffic uses Kerberos or NTLM, and domain controllers replicate with each other over RPC.
- Azure AD: Clients and other web services talk to it over HTTPS REST APIs (Microsoft Graph).
Network Organization
- AD: Organizational units, domains and forests.
- Azure AD: A flat structure of users and groups; there are no OUs or forests, and administrative scoping is done with groups and administrative units.
Hosted on
- AD: Active directory resides in on premises computers called Domain controllers (DCs).
- Azure AD: Azure AD resides on Microsoft servers in Microsoft data centres.
Structure
- AD: Primary unit is domain, a group of related users, systems and AD objects stored in a single database and managed together.
- Azure AD: The basic building block is a tenant, a dedicated instance of Azure AD for a particular organization.
Authentication Mechanism
- AD: Kerberos by default, with NTLMv2 as the fallback; NTLM (v1) and LM are legacy protocols that should be disabled (LM hashes are not stored by default on supported Windows versions, and the LmCompatibilityLevel policy controls which NTLM variants a host accepts). NTLM authentication uses the account's unsalted NT hash as the key, which is why a stolen hash can be replayed (pass-the-hash).
- Azure AD: OAuth 2.0, OpenID Connect, SAML 2.0 and WS-Federation.
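The on-premises side of this difference is easier to see in code. The following is an added example, not code from the original page: a pure standard-library Python implementation of the NT hash (MD4 over the UTF-16LE password) and of the NTLMv2 key derivation from MS-NLMP, used to show that the NT hash is unsalted and that a valid NTLMv2 proof can be produced from the captured hash alone. MD4 is written out here because recent OpenSSL builds hide it from `hashlib`. The password, user name, domain and challenge values are constructed for the demo, and the blob passed as `temp` is a simplified stand-in for the real NTLMv2 client structure.

```python
import hmac
import os
import struct

_MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


def _f(x, y, z):
    return (x & y) | (~x & z)


def _g(x, y, z):
    return (x & y) | (x & z) | (y & z)


def _h(x, y, z):
    return x ^ y ^ z


# (function, additive constant, message-word order, per-step shift pattern) per RFC 1320
_ROUNDS = (
    (_f, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
    (_g, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
    (_h, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
)


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4; NTOWFv1 (the 'NT hash') is MD4 over the UTF-16LE password."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        r = state[:]
        for fn, const, order, shifts in _ROUNDS:
            for i, j in enumerate(order):
                # rotate through (a, b, c, d): step 0 updates a, step 1 updates d, ...
                a, b, c, d = (r[(-i) % 4], r[(1 - i) % 4], r[(2 - i) % 4], r[(3 - i) % 4])
                r[(-i) % 4] = _rotl((a + fn(b, c, d) + x[j] + const) & _MASK, shifts[i % 4])
        state = [(s + t) & _MASK for s, t in zip(state, r)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: no salt, so equal passwords give equal hashes on every account and machine."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """MS-NLMP NTOWFv2: HMAC-MD5 keyed by the NT hash over UPPER(user) + domain (UTF-16LE).
    It takes the hash, not the password: that is the whole point of pass-the-hash."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), "md5").digest()


def ntlmv2_proof(key: bytes, server_challenge: bytes, temp: bytes) -> bytes:
    """NTProofStr = HMAC-MD5(NTOWFv2, ServerChallenge || temp)."""
    return hmac.new(key, server_challenge + temp, "md5").digest()


def pass_the_hash_demo() -> tuple:
    """Constructed scenario: alice and bob share a password; an attacker who dumped
    alice's NT hash answers a fresh server challenge without knowing the password."""
    password = "Summer2024!"                      # constructed sample value
    alice, bob = nt_hash(password), nt_hash(password)
    server_challenge = os.urandom(8)
    # simplified stand-in for the NTLMv2 'temp' blob (version bytes, timestamp, client nonce)
    temp = b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", 0) + os.urandom(8)
    legit = ntlmv2_proof(ntowf_v2(nt_hash(password), "alice", "CORP"), server_challenge, temp)
    dumped_hash = alice                           # e.g. read from LSASS memory or NTDS.dit
    forged = ntlmv2_proof(ntowf_v2(dumped_hash, "alice", "CORP"), server_challenge, temp)
    return alice == bob, legit == forged
```

Running `pass_the_hash_demo()` returns `(True, True)`: the two accounts carry byte-identical hashes, and the proof computed from the dumped hash matches the one computed from the password. Kerberos does not remove the problem entirely (the same unsalted NT hash doubles as the RC4 Kerberos key), so the mitigations are disabling NTLM where possible, enforcing AES-only Kerberos, and protecting the places the hash is stored.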
Authorization Mechanism
- AD: Based on security group membership (carried in the user's access token), permissions assigned directly on resources (ACLs) and user-rights assignments pushed through Group Policy.
- Azure AD: Based on Azure AD security groups, Microsoft 365 groups, Azure AD directory roles and application roles carried as claims in the token; for Azure resources, role-based access control (Azure RBAC) is layered on top.
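On the Azure AD side, authorization starts from the claims in the OAuth 2.0 / OpenID Connect token. The following added example, not from the page, shows the claim checks a resource API should apply to an Azure AD v2.0 access token after a JOSE library has verified the RS256 signature against the tenant's published signing keys: tenant allow-list (`tid`), issuer, audience, validity window and app roles. Acting on claims from a token whose signature was not verified is never acceptable; the sample tokens here are constructed with a dummy signature segment purely to exercise the claim logic, and the tenant, client and object identifiers are placeholder assumptions.

```python
import base64
import json
import time

# Assumed deployment values (placeholders, not real identifiers)
ALLOWED_TENANTS = {"11111111-1111-1111-1111-111111111111"}
CLIENT_ID = "22222222-2222-2222-2222-222222222222"   # this API's app (client) id, expected in 'aud'
CLOCK_SKEW = 300                                      # seconds of tolerance for exp/nbf


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Split the compact JWS and parse the payload. Precondition: the signature was already
    verified against the tenant's JWKS; this function only reads the claim set."""
    header_b64, payload_b64, _signature_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "RS256":            # Azure AD signs with RS256; refuse 'none' and HMAC
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    return json.loads(_b64url_decode(payload_b64))


def check_claims(claims: dict, required_role: str = None, now: float = None) -> tuple:
    """Return (accepted, reason). Tenant is checked before issuer because a multi-tenant app
    must decide which tenants it trusts rather than accept any well-formed Azure AD issuer."""
    now = time.time() if now is None else now
    tid = claims.get("tid")
    if tid not in ALLOWED_TENANTS:
        return False, "tenant not allowed"
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        return False, "issuer mismatch"
    if claims.get("aud") != CLIENT_ID:
        return False, "audience mismatch"
    if claims.get("exp", 0) + CLOCK_SKEW < now:
        return False, "token expired"
    if claims.get("nbf", 0) - CLOCK_SKEW > now:
        return False, "token not yet valid"
    if required_role and required_role not in claims.get("roles", []):
        return False, f"missing app role {required_role}"
    return True, "ok"


def make_sample_token(claims: dict) -> str:
    """Constructed test token with a dummy signature; only for exercising the claim checks."""
    header = _b64url_encode(json.dumps({"typ": "JWT", "alg": "RS256", "kid": "sample"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'not-a-real-signature')}"


def sample_claims(tid: str, issued_at: int) -> dict:
    """Constructed claim set shaped like an Azure AD v2.0 access token for this API."""
    return {
        "iss": f"https://login.microsoftonline.com/{tid}/v2.0",
        "aud": CLIENT_ID,
        "tid": tid,
        "iat": issued_at, "nbf": issued_at, "exp": issued_at + 3600,
        "oid": "33333333-3333-3333-3333-333333333333",   # placeholder object id
        "roles": ["Reports.Read"],
    }
```

The issuer format above is the v2.0 endpoint's; v1.0 tokens carry `https://sts.windows.net/{tid}/` instead, so an API must know which token version it requested. Authorize on `oid` and `tid` rather than on display names or e-mail claims, which are mutable and not unique across tenants.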
Desktops
- AD: Desktops joined to Windows Active directory (AD).
- Azure AD: Windows 10/11 desktops can be Azure AD joined (or hybrid joined alongside the on-premises domain); device management then comes from Microsoft Intune, typically through automatic MDM enrollment at join time.
Device Management Mechanism
- AD: Device management is performed through Group Policy, for example to block the installation of unauthorized software, lock the screen after a period of inactivity, install software updates automatically on all computers, and prevent the use of removable storage devices.
- Azure AD: Device management is performed through Microsoft Intune, where compliance and configuration policies can block jailbroken or rooted devices, push certificates to devices so users can connect to the network via VPN, and wipe corporate data from a device that is lost or stolen.
Entitlement Management
- AD: Admins or data owners assign users to groups by hand.
- Azure AD: Admins organize users into groups, and Azure AD entitlement management adds access packages with approval workflows, time-limited assignments and periodic access reviews.
Servers
- AD: Managed and governed by Group Policy Objects (GPOs) or by on-premises server management systems.
- Azure AD: No GPOs in Azure AD itself. Servers are managed through Azure management tooling, or through Azure AD Domain Services, which provides a managed domain that does support Group Policy.
Device Handling
- AD: No native mobile device management; a separate MDM product is required.
- Azure AD: Supports mobile device management through Intune.
Comparison Table: Active Directory vs Azure AD
The table below summarizes the points of difference: