Microsoft Active Directory Reviews

Microsoft Active Directory is an authentication infrastructure.

The most valuable feature of the solution is authentication.

The solution should maintain the infrastructure according to the period you are in and the security changes.

I have been using Microsoft Active Directory for 18 years.

I rate the solution’s stability a nine out of ten.

Around 50,000 users are using the solution in our organization. I use the solution on a daily basis.

I rate the solution’s scalability an eight out of ten.

The solution's initial setup depends on how you want to deploy it. On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup an eight out of ten if you want to deploy it in a better way.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a four out of ten.

The solution's group policy is a normal way to deploy configuration and helps deploy to a wider environment. The solution is deployed both on-premises and on the cloud. I would recommend the solution to other users based on their infrastructure.

Overall, I rate the solution a nine out of ten.

The most valuable feature of the solution stems from the fact that it is very easy to use. The user interface of the product is very easy to use.

Most of the features of the product are not implemented in our company because every employee is involved in their own research and development activities. Microsoft Active Directory restricts most of the features our company's employees want to use since they are involved in research and development activities. The tool should not restrict functions or features for users, and it can be considered as an area for improvement.

I have been using Microsoft Active Directory since 2013.

It is a stable solution. Stability-wise, I rate the solution a nine out of ten.

Every person in my company, which includes around 800 employees, uses the solution.

The tool is extensively used, and there are plans to increase the use of the solution in the future.

The product's initial setup phase was straightforward.

The solution is deployed on an on-premises model.

There are people working on three or four levels in our company involved in the deployment and maintenance process, which includes a manager, a project leader, a project engineer, and a junior engineer.

The deployment process can be carried out with the help of our company's in-house team.

As per the market standard, I would want the current prices of the product to remain the same.

The solution streamlined our company's user management and authentication since it helps us to monitor user activities.

The solution's ability to support our organization's device and user access control stems from the fact that there is a need for us to manage the hierarchy in our company. My company has different hierarchies, so we have used Microsoft Active Directory to manage the hierarchy level in our organization.

I recommended the product to those who plan to use it to use the tool to monitor and analyze the use of devices and data by employees.

The solution's scalability and maintenance help grow our business environment. Since we are an organization that works five days a week, the maintenance part is taken care of on Saturdays or Sundays, which may fall on the second or fourth week of the month. My company regularly maintains and updates the product.

The benefit from the use of the product stems from the fact that it helps our company to monitor and verify the details of employees.

I rate the tool a seven out of ten.

We are still on a hybrid environment where we have Azure Directory on-premises, and sync it up to Microsoft.

The password policy helps enforce security protocols by requiring complex passwords and frequent password changes. Additionally, we do not allow users to reuse their last twelve passwords.

The features that I found most effective are the group policies. They allow us to set password policies and other specific setups in the end-user object.

The challenges everyone now has in mind is how to really migrate fully to the cloud. Many companies face both technical and cost-related challenges when moving from on-premise Active Directory to Microsoft Intra. Additionally, not all features available on-premises, such as the RADIUS server, are available in the cloud, necessitating alternative solutions. Moreover, the cost of migrating to the cloud is a significant hurdle due to the yearly subscription fees.

I have been using the solution for around ten years.

We have no complaints regarding the stability of the solution. I would rate the stability nine out of ten.

I rate the scalability a seven out of ten. There are many dependent objects to check, such as compatibility of RADIUS servers, which require time and technical checks.

I have contacted Microsoft support before. The experience can vary; sometimes it is good, and other times it is bad. Much depends on the help desk. My rating for tech support is five out of ten. 

One recommendation for improvement is that support should correspond with the preferred mode of communication indicated in the ticket. Additionally, they should be aware of user time zones to avoid calling at inconvenient times.

Neutral

I have used Microsoft Active Directory and Google.

I have seen value in using Microsoft Active Directory. While it may not return a direct financial ROI, it is a critical part of our infrastructure alongside other solutions like Google Directory.

Microsoft Active Directory can be a suitable choice if you want a suite of Microsoft products like PowerPoint and other Office tools. However, the choice between Google and Microsoft depends on the company's nature of business.

I'd rate the solution eight out of ten. 

I use Microsoft Active Directory as the first line in the LDAP directory. You can use the solution to manage computer accounts, user accounts, and other objects. You can also use Microsoft Active Directory to build roles and permissions.

The solution is widely used in Microsoft environments, where you use computers with the Microsoft OS. The solution is easy to install and has good reliability. With Microsoft Active Directory, you won't have any problems if one of the domain controllers is damaged. The tools you use to maintain and manage Microsoft Active Directory are not complicated.

The solution could be made more safe by using authentication mechanisms. We often have to deal with security issues.

I have been using Microsoft Active Directory for 20 years.

The solution has some bugs, but from my point of view, they are not really important.

More than 1,00,000 users are using the solution in our organization.

Microsoft Active Directory is not an expensive solution. You have to buy the Windows OS licenses, but you don't have to pay any additional product licenses for Active Directory.

You have to build an environment after considering all your requirements. It is really important to consider your organizational structure and the possibilities of the tools you use to authenticate against Active Directory. Microsoft Active Directory is so easy to install. You can promote the domain controller and then have an Active Directory.

Overall, I rate the solution an eight out of ten.

We use the solution to control environments for different servers.

The solution's most valuable feature is access control and integration with different applications.

The solution is complicated to navigate. We encounter issues while changing the settings. They should improve these particular features.

We have been using the solution for seven or eight years.

The solution is relatively stable.

It is a scalable solution. We can create multiple active directories using it.

The complexity of the solution's initial setup process depends on the environment. It takes a couple of weeks for simple setups and around a month for complicated structures.

We implement the solution with the help of our in-house team.

We have to purchase a license for the solution.

I rate the solution a nine out of ten. It works well in terms of functions and regular backups of the configuration.

Microsoft Active Directory is used to centrally manage all objects and provide access. It also serves as the authentication mechanism for most of our Windows and non-Windows applications using Kerberos. User and device management are also handled through Active Directory.

One of the most valuable features of the solution that I like is that it allows our company to apply GPOs properly to many users.

The GUI of Microsoft Active Directory is very basic. At our company, we can go for automation since we don't have many tasks. In the solution, assigning permissions is complex, making it difficult to grant them at a granular level or to multiple users without templates or alternative tools. Although achieving the RBAC or Zero Trust model is challenging due to the same limitations in Microsoft Active Directory, third-party tools are available to assist with this task. Even the Native Azure AD does not have these capabilities.

I do have experience with Microsoft Active Directory. Our company is a customer of the solution. Also, I have been using this solution for maybe eight to ten years. I am using the solution's latest version.

For stability, on a scale where one is not stable and ten is very stable, I rate this solution a seven since there are issues. The solution has its own set of issues concerning patches, compatibility issues, and a few more things. The few other issues are something that actually depends, in a sense, that every month, they roll out the patches, and then they try to close the vulnerabilities, creating issues. So, maybe encryption, and also there are many things.

The scalability of the solution is high. Scalability-wise, I rate this solution may be above eight out of ten. There are around 4,00,000 users of this solution.

The solution is used very often, daily, since it serves as a primary tool for various tasks, including authentication and other functions. At present, we do not plan to increase the number of users using the solution, as we are trying to reduce the footprint.

I rate the technical support for the solution between six to seven out of ten. While technical support is proactive, there are times when we cannot get through a call and don't always receive the support we expect from Microsoft's technical support team.

Neutral

The initial setup of the solution is easy, and I would rate it an eight or nine out of ten on a scale of one to ten, where one being difficult and ten being easy.

The deployment time of the solution varies depending on the team responsible for it. Since it's not primarily our team's responsibility, I'm unsure of the exact time required for deployment. I don't think more than one person is required for the entire deployment process. The number of people required to maintain the solution depends on the company's size.

The solution is worth the money paid for it.

I'm unsure about the cost of the solution, as I was never involved in that aspect. However, I don't think it would be expensive. It might be average, around four or five out of ten. I believe the licensing costs are volume licensing for on-premises, so it shouldn't be monthly. I think it's a one-time purchase for the server, and it comes with the necessary licenses. We don't have to buy any additional licenses.

My advice for those planning to use Microsoft Active Directory as a solution is that it is a scalable and stable platform that has been used for many years. It is a necessary tool for companies using Windows-based operating systems to manage their objects. Overall, I rate this solution an eight out of ten.

Our company is one of Australia's largest virtual IT groups with more than 120 users and 15 managers. 

We use the solution as an on-premises domain controller for our customers under various environments. 

Some customers have on-premises servers and domain controllers so the solution is installed and managed locally. 

Other customers have on-premises servers but want to migrate their mail server to Office 365 so we pair the solution with Azure AD's cloud service to create a hybrid model. The same passwords can be used for the solution and Azure AD by syncing them together through a password writeback process in Azure AD Connect. 

A third group of customers work only with Office 365 in cloud environments so we deploy only Azure AD for those use cases. 

The Solution's most important feature is that it can merge with a cloud-based active directory via Azure AD Connect. Managing active directories that are stored in two different places is a nightmare for network administrators and users, so this is an important feature. 

The solution supports and can integrate with both on-premises and cloud-based third-party applications such as Azure VPN, P2S, Intune, and MDM. Pairing with Azure AD to accomplish this is a unique feature.  

The interface for logs should be user-friendly and allow for enhanced filtering to drill down to incidents. It is time consuming to get a clear picture and review deviations in conditional policies because you have to check each and every log to find information on malicious attacks, a compromised end-user's account, or phishing emails. 

The logs for sign-ins and auditing should be available for more than a 30-90 day window.

Most logs are displayed in UTC but it would be helpful to include time conversions for tenant regions. Currently, we must do time conversions manually before we contact users to share information and troubleshoot issues. 

I have been using the solution for ten years. 

The solution stable and offers one of the best directory services in the world. 

The solution is scalable to any need with the purchase of the appropriate license. It is easy to integrate or migrate to the next level when scaling. 

I have escalated some issues to technical support and think their assistance is average but it depends on the technical capabilities of the representative who is assigned to help. 

Sometimes we get a representative who can recognize the problem and give us exact solutions because they are capable of scheming the issue. 

Representatives who are cannot scheme an issue have difficulty providing us with a solution. 

We have been using the solution for years and have adjusted our deployments to new environments. 

When Office 356 was introduced in 2015, there was some confusion about how to authenticate users with on-premises active directories where identities and authorizations for several applications were managed. 

We introduced Azure AD for use with the solution to integrate Office 365 with our client's environments. This created a conflict because every user now had two usernames and two passwords. 

To mitigate the conflict in those days, we used AD FS to set a 15-minute time interval which would sync on-premises AD with Azure AD. Information from a user reset in AD would push to Azure AD within a few seconds so this allowed users to log in to Office 365 email from anywhere in the world. 

By 2019, AD FS was a legacy system so we moved to Azure AD Connect which can be installed on an on-premises domain controller. Connect accomplishes the same things as AD FS but includes additional features for syncing. 

The setup for the solution is a bit more difficult than Azure AD because it needs to be configured for the on-premises environment.

There are basic steps to guide deployment so an engineer with overall knowledge of AD should not have issues. 

Deployment times vary based on project scope. A deployment with many users, groups, conditional policies, and configuration policies can take up to six hours. An average deployment with a basic setup can be completed in two hours. 

We implement the solution for our customers. 

The solution is based on a licensing model. Some users of Office 365 are provided with a free license. Our company uses P1 and P2 licenses. 

Cost considerations should also include the value of company infrastructure and data. Cost is calculated per user but that does not matter if the alternative is to lose your data because of authentication issues.  

The priority should be securing your data. Less users means less cost but large-scale operations with 2,000 users clearly have important data within their organization and need to protect it. 

The solution is the most reliable and easiest directory service in the world so we became Gold partners to fully support it. 

The only issue is cost for customers. But if you choose another product, you will face technical challenges with integrations because everyone uses the solution or its cross-platform option Azure AD for things like deploying firewalls in FortiGate. 

In those cases, authenticating VPN users is easy because Azure AD is in the same cloud and allows use of its identity server for LDAP authentications using the same protocols, usernames, and passwords as Office 365. We also use Microsoft Authenticator Application for multifactor authentication that provides push notifications and secondary authentications. 

We chose the solution because it easily handles improvements and integrations. 

The solution is one of the best in the world and includes B2C and C2C features that allow guest access, external access, and cross-authenticating two organizations. There is no comparable tool that provides the full range of features offered with the solution. 

Before choosing a license, think like an architect and do a feasibility study to determine the critical features you need rather than just selecting the most expensive license with all available features. Look at your environment to select the best solution.

For example, if you deploy emails in G Suite or IBM Lotus Cloud there is no point in utilizing the solution. But if you want to migrate email from G Suite or Dropbox to Office 365, then the solution can handle delegation of users and file permissions via SharePoint and Active Directory.

I rate the solution a ten out of ten because it is the best solution available in the market. The solution has a few log issues but it is still rated a ten because there is no comparable option. If you have a BMW with minor issues, you can go with a Mercedes-Benz or Rolls-Royce so there are replacement options. But the solution stands alone with no real competitors. 

Commonly, we engage in three key use cases. The first involves upgrading customer’s outdated directories like 2008 or 2012 to newer versions for improved structure. The second revolves around creating a hybrid setup with Office or Azure cloud, aiming for single sign-on across both. Lastly, we often tackle restructuring situations due to mergers or acquisitions, where directory structures must be unified into a shared infrastructure. These are the typical scenarios we handle in our projects.

One noteworthy aspect we discovered is the ability to exercise tight control over systems, specifically Windows PCs. This pertains to the management of policies, usage patterns, and user access on these devices, particularly within the framework of Active Directory which is extremely well thought. This actually works better with on-premises solutions. However, as the global trend shifts towards cloud and hybrid environments, Active Directory and its use is diminishing. Yet, it hasn't entirely lost its relevance and remains a presence that cannot be entirely disregarded.      

Typically, it depends on the customer's situation. If the customer operates in smaller locations where most PCs are in a common location, we usually aim to consolidate the directory infrastructure for easier maintenance. However, for distributed setups spanning multiple countries, configuring multiple sites becomes necessary and more intricate to handle. Our objective is to minimize the number of sites, simplifying operations for IT administrators and reducing errors. Mistakes in Active Directory can be costly for organizations, as disruptions can occur rapidly.

Moreover, when it comes to hybrid single sign-on across various applications, Microsoft hasn't put forth significant effort. Single sign-on has become a challenge for many customers who utilize diverse solutions beyond Microsoft products. While implementing single sign-on is relatively straightforward in the Azure cloud, it's considerably more complex when dealing with the local Active Directory. This presents a big challenge for many of our customers.

I have been working with Microsoft since 2000 and was a part of the Microsoft Active Directory Development team in Windows.

The stability and effectiveness of the setup depends on its design consideration of future growth. For instance, if a company starts with a thousand PCs but foresees expansion to ten or fifteen thousand PCs over five years, the solution should involve adding servers rather than restructuring the entire network. Unfortunately, we often find that this foresight is lacking in many cases. The initial design should be though-through with growth in mind to ensure scalability and stability.

Active Directory was an extension of the Windows NT infrastructure and wasn't designed for extreme scalability. It was intended for organizations with around five to six thousand PCs.

However, as organizations grew to more than twenty-five or thirty thousand PCs, the complexity of managing it increased significantly. Especially when managing across different countries or regions, the complexity could lead to errors, issues with patches, and other problems. For large organizations, we often suggest a hybrid solution involving Azure Directory. This way, local Active Directory is still present, but there's less dependency on it and more reliance on the cloud. Cloud solutions like Azure offer virtually limitless scalability compared to local setups constrained by server and network infrastructure.

We have a technical support team in place. In most Active Directory cases, the customers have external support from vendors. In that case, our observation is that if the initial setup is executed well and the system operates smoothly, there are fewer and simple user issues. The maintenance tasks remain minimal.

In the case of Microsoft vendor support, we have extremely poor support quality in our interactions with numerous customers. The received support has been lacking in effectiveness, largely due to the practice of assigning relatively inexperienced individuals who are learning as they go. Dealing with such a complex infrastructure as an active directory, experimenting can worsen the situation.

Neutral

Certainly, we have worked with Novell's Directory Infrastructure, which initially outperformed Microsoft's Active Directory. However, Microsoft rapidly closed the gap and swiftly gained prominence, and became one of the directories that could manage PCs

NetWare emerged as an easy-to-deploy and manage solution with good stability. The Windows NT infrastructure or Active Directory required many servers or just one server. The NT domain was less stable and based on a single server which had a lot of issues and could bring down the entire network. However, Microsoft addressed this concern in subsequent versions, effectively eliminating the problem.

When dealing with a new directory structure, the process is generally straightforward and clear. The approach depends on the organization's desired business rules. In cases of restructuring, the level of complexity varies based on the type of restructuring, whether it involves straightforward consolidation or the amalgamation of two distinct organizations. Rather than rating, the most complex scenario arises during the restructuring of directories, particularly when merging two companies or distinct structures. The complexity arises from the case to simplify and bring the rules on the same ground from each entity into a unified set suitable for the new organization. In my view, these projects have posed one of the most difficult cases.

For a fresh setup, the server infrastructure typically requires a few days or even less. The server setup is generally straightforward, but the time-consuming part lies in manually joining the PCs to the domain, as there isn't a fully automated method for it.

Active Directory is an expensive solution, primarily due to Microsoft's licensing model. This licensing approach includes paying for server licenses as well as for each computer that connects to it. However, when working with the Azure cloud, there is no cost for the server. This is profitable and one of the main reasons why Azure Cloud and other cloud-based solutions are being used more. 

There are certain scenarios where an Azure or cloud-based system might be unsuitable. For example, industries like power plants or government agencies might have restricted cloud connectivity due to regulatory or security concerns. In such cases, the utilization of Active Directory becomes the choice for managing on-premises infrastructure, as cloud isn't feasible option.

I would rate the overall solution an eight out of ten.