Microsoft Active Directory Reviews

I find the product makes it easier to enhance various tools with Microsoft Active Directory. Active Directory can be either on-premises and can also synchronize with the online version of Microsoft Entra.

I find the solution very useful. I can control all the devices in my domain by just changing the group policies in one place.

Perhaps the synchronization could be simpler and more controllable. There are some features that need improvements in terms of ease of use and frequency of updates.

I have used the solution for ten years.

As I said before, there are some things that can be done to improve the integration, mostly with other solutions.

I have never used technical support. I like to solve my own problems.

I have always used Spitterest.

I find the setup straightforward, except if I want to make some customizations, it becomes more complicated.

Implementation is done in-house.

I do see a return on investment with this solution.

I'd rate the solution nine out of ten. I find the solution clear.

We use the solution to control environments for different servers.

The solution's most valuable feature is access control and integration with different applications.

The solution is complicated to navigate. We encounter issues while changing the settings. They should improve these particular features.

We have been using the solution for seven or eight years.

The solution is relatively stable.

It is a scalable solution. We can create multiple active directories using it.

The complexity of the solution's initial setup process depends on the environment. It takes a couple of weeks for simple setups and around a month for complicated structures.

We implement the solution with the help of our in-house team.

We have to purchase a license for the solution.

I rate the solution a nine out of ten. It works well in terms of functions and regular backups of the configuration.

Our company is one of Australia's largest virtual IT groups with more than 120 users and 15 managers. 

We use the solution as an on-premises domain controller for our customers under various environments. 

Some customers have on-premises servers and domain controllers so the solution is installed and managed locally. 

Other customers have on-premises servers but want to migrate their mail server to Office 365 so we pair the solution with Azure AD's cloud service to create a hybrid model. The same passwords can be used for the solution and Azure AD by syncing them together through a password writeback process in Azure AD Connect. 

A third group of customers work only with Office 365 in cloud environments so we deploy only Azure AD for those use cases. 

The Solution's most important feature is that it can merge with a cloud-based active directory via Azure AD Connect. Managing active directories that are stored in two different places is a nightmare for network administrators and users, so this is an important feature. 

The solution supports and can integrate with both on-premises and cloud-based third-party applications such as Azure VPN, P2S, Intune, and MDM. Pairing with Azure AD to accomplish this is a unique feature.  

The interface for logs should be user-friendly and allow for enhanced filtering to drill down to incidents. It is time consuming to get a clear picture and review deviations in conditional policies because you have to check each and every log to find information on malicious attacks, a compromised end-user's account, or phishing emails. 

The logs for sign-ins and auditing should be available for more than a 30-90 day window.

Most logs are displayed in UTC but it would be helpful to include time conversions for tenant regions. Currently, we must do time conversions manually before we contact users to share information and troubleshoot issues. 

I have been using the solution for ten years. 

The solution stable and offers one of the best directory services in the world. 

The solution is scalable to any need with the purchase of the appropriate license. It is easy to integrate or migrate to the next level when scaling. 

I have escalated some issues to technical support and think their assistance is average but it depends on the technical capabilities of the representative who is assigned to help. 

Sometimes we get a representative who can recognize the problem and give us exact solutions because they are capable of scheming the issue. 

Representatives who are cannot scheme an issue have difficulty providing us with a solution. 

We have been using the solution for years and have adjusted our deployments to new environments. 

When Office 356 was introduced in 2015, there was some confusion about how to authenticate users with on-premises active directories where identities and authorizations for several applications were managed. 

We introduced Azure AD for use with the solution to integrate Office 365 with our client's environments. This created a conflict because every user now had two usernames and two passwords. 

To mitigate the conflict in those days, we used AD FS to set a 15-minute time interval which would sync on-premises AD with Azure AD. Information from a user reset in AD would push to Azure AD within a few seconds so this allowed users to log in to Office 365 email from anywhere in the world. 

By 2019, AD FS was a legacy system so we moved to Azure AD Connect which can be installed on an on-premises domain controller. Connect accomplishes the same things as AD FS but includes additional features for syncing. 

The setup for the solution is a bit more difficult than Azure AD because it needs to be configured for the on-premises environment.

There are basic steps to guide deployment so an engineer with overall knowledge of AD should not have issues. 

Deployment times vary based on project scope. A deployment with many users, groups, conditional policies, and configuration policies can take up to six hours. An average deployment with a basic setup can be completed in two hours. 

We implement the solution for our customers. 

The solution is based on a licensing model. Some users of Office 365 are provided with a free license. Our company uses P1 and P2 licenses. 

Cost considerations should also include the value of company infrastructure and data. Cost is calculated per user but that does not matter if the alternative is to lose your data because of authentication issues.  

The priority should be securing your data. Less users means less cost but large-scale operations with 2,000 users clearly have important data within their organization and need to protect it. 

The solution is the most reliable and easiest directory service in the world so we became Gold partners to fully support it. 

The only issue is cost for customers. But if you choose another product, you will face technical challenges with integrations because everyone uses the solution or its cross-platform option Azure AD for things like deploying firewalls in FortiGate. 

In those cases, authenticating VPN users is easy because Azure AD is in the same cloud and allows use of its identity server for LDAP authentications using the same protocols, usernames, and passwords as Office 365. We also use Microsoft Authenticator Application for multifactor authentication that provides push notifications and secondary authentications. 

We chose the solution because it easily handles improvements and integrations. 

The solution is one of the best in the world and includes B2C and C2C features that allow guest access, external access, and cross-authenticating two organizations. There is no comparable tool that provides the full range of features offered with the solution. 

Before choosing a license, think like an architect and do a feasibility study to determine the critical features you need rather than just selecting the most expensive license with all available features. Look at your environment to select the best solution.

For example, if you deploy emails in G Suite or IBM Lotus Cloud there is no point in utilizing the solution. But if you want to migrate email from G Suite or Dropbox to Office 365, then the solution can handle delegation of users and file permissions via SharePoint and Active Directory.

I rate the solution a ten out of ten because it is the best solution available in the market. The solution has a few log issues but it is still rated a ten because there is no comparable option. If you have a BMW with minor issues, you can go with a Mercedes-Benz or Rolls-Royce so there are replacement options. But the solution stands alone with no real competitors. 

I utilize it in almost every scenario. I use the Hazer database and meet daily needs across every industry, every time.

Having active deployment and well-configured systems helps me manage tasks and easily oversee thousands of users.

Technology is evolving. AI is offering solutions. However, short-term fixes are like band-aids.

I have used the solution for a very long time, spanning 25 years.

I have encountered a few stability issues.

I have encountered a few scalability issues.

I expect quick responses from Microsoft, however, in general, assistance can be found in English or occasionally in Turkish. Support documents are available on the internet in every language.

Neutral

I advise consideration of this solution. 

The overall product rating is ten out of ten.

Commonly, we engage in three key use cases. The first involves upgrading customer’s outdated directories like 2008 or 2012 to newer versions for improved structure. The second revolves around creating a hybrid setup with Office or Azure cloud, aiming for single sign-on across both. Lastly, we often tackle restructuring situations due to mergers or acquisitions, where directory structures must be unified into a shared infrastructure. These are the typical scenarios we handle in our projects.

One noteworthy aspect we discovered is the ability to exercise tight control over systems, specifically Windows PCs. This pertains to the management of policies, usage patterns, and user access on these devices, particularly within the framework of Active Directory which is extremely well thought. This actually works better with on-premises solutions. However, as the global trend shifts towards cloud and hybrid environments, Active Directory and its use is diminishing. Yet, it hasn't entirely lost its relevance and remains a presence that cannot be entirely disregarded.      

Typically, it depends on the customer's situation. If the customer operates in smaller locations where most PCs are in a common location, we usually aim to consolidate the directory infrastructure for easier maintenance. However, for distributed setups spanning multiple countries, configuring multiple sites becomes necessary and more intricate to handle. Our objective is to minimize the number of sites, simplifying operations for IT administrators and reducing errors. Mistakes in Active Directory can be costly for organizations, as disruptions can occur rapidly.

Moreover, when it comes to hybrid single sign-on across various applications, Microsoft hasn't put forth significant effort. Single sign-on has become a challenge for many customers who utilize diverse solutions beyond Microsoft products. While implementing single sign-on is relatively straightforward in the Azure cloud, it's considerably more complex when dealing with the local Active Directory. This presents a big challenge for many of our customers.

I have been working with Microsoft since 2000 and was a part of the Microsoft Active Directory Development team in Windows.

The stability and effectiveness of the setup depends on its design consideration of future growth. For instance, if a company starts with a thousand PCs but foresees expansion to ten or fifteen thousand PCs over five years, the solution should involve adding servers rather than restructuring the entire network. Unfortunately, we often find that this foresight is lacking in many cases. The initial design should be though-through with growth in mind to ensure scalability and stability.

Active Directory was an extension of the Windows NT infrastructure and wasn't designed for extreme scalability. It was intended for organizations with around five to six thousand PCs.

However, as organizations grew to more than twenty-five or thirty thousand PCs, the complexity of managing it increased significantly. Especially when managing across different countries or regions, the complexity could lead to errors, issues with patches, and other problems. For large organizations, we often suggest a hybrid solution involving Azure Directory. This way, local Active Directory is still present, but there's less dependency on it and more reliance on the cloud. Cloud solutions like Azure offer virtually limitless scalability compared to local setups constrained by server and network infrastructure.

We have a technical support team in place. In most Active Directory cases, the customers have external support from vendors. In that case, our observation is that if the initial setup is executed well and the system operates smoothly, there are fewer and simple user issues. The maintenance tasks remain minimal.

In the case of Microsoft vendor support, we have extremely poor support quality in our interactions with numerous customers. The received support has been lacking in effectiveness, largely due to the practice of assigning relatively inexperienced individuals who are learning as they go. Dealing with such a complex infrastructure as an active directory, experimenting can worsen the situation.

Neutral

Certainly, we have worked with Novell's Directory Infrastructure, which initially outperformed Microsoft's Active Directory. However, Microsoft rapidly closed the gap and swiftly gained prominence, and became one of the directories that could manage PCs

NetWare emerged as an easy-to-deploy and manage solution with good stability. The Windows NT infrastructure or Active Directory required many servers or just one server. The NT domain was less stable and based on a single server which had a lot of issues and could bring down the entire network. However, Microsoft addressed this concern in subsequent versions, effectively eliminating the problem.

When dealing with a new directory structure, the process is generally straightforward and clear. The approach depends on the organization's desired business rules. In cases of restructuring, the level of complexity varies based on the type of restructuring, whether it involves straightforward consolidation or the amalgamation of two distinct organizations. Rather than rating, the most complex scenario arises during the restructuring of directories, particularly when merging two companies or distinct structures. The complexity arises from the case to simplify and bring the rules on the same ground from each entity into a unified set suitable for the new organization. In my view, these projects have posed one of the most difficult cases.

For a fresh setup, the server infrastructure typically requires a few days or even less. The server setup is generally straightforward, but the time-consuming part lies in manually joining the PCs to the domain, as there isn't a fully automated method for it.

Active Directory is an expensive solution, primarily due to Microsoft's licensing model. This licensing approach includes paying for server licenses as well as for each computer that connects to it. However, when working with the Azure cloud, there is no cost for the server. This is profitable and one of the main reasons why Azure Cloud and other cloud-based solutions are being used more. 

There are certain scenarios where an Azure or cloud-based system might be unsuitable. For example, industries like power plants or government agencies might have restricted cloud connectivity due to regulatory or security concerns. In such cases, the utilization of Active Directory becomes the choice for managing on-premises infrastructure, as cloud isn't feasible option.

I would rate the overall solution an eight out of ten.

We use the solution for Wi-Fi and logging in students and staff on the network.

It's quite easy to integrate into other directories. It allows us to avoid creating other databases. We just replicate the SAM database into other applications requiring users to log in.

The product must provide remote password reset features. Users would want to reset their passwords wherever they are. We've never really had a simple solution where resets could be done remotely other than using third-party applications. We've had to create a third-party application for password resets.

The cloud-based solution was not so easy to deploy. The product should improve Active Directory replication into the cloud. The setup is not seamless. If we set up an AD on-prem and want to deploy it in the cloud, the synchronization setup is not very easy. The product should improve the synchronization between on-prem and cloud servers. The setup is quite complex. It would be helpful to set up a cloud server and link it to the same domain.

The active directory synchronization must be instant. It would be a great improvement if the process were automated. If I go into the cloud and set up a new Active Directory server, and link it to a specific domain, the synchronization should be the way it is on-prem. When I set up a new server on-prem and connect it to the domain, all the users move immediately.

I have been using the solution for ten years.

The tool is very scalable. Around 3000 people are using the solution in our organization. It is extensively used in our organization.

The initial setup is straightforward. The deployment took less than two days.

We did the deployment in-house. The process to deploy comes built into the Windows Server setup. It's one of the easiest services to set up. We need a manager, a systems engineer, and two developers to deploy and maintain the product.

The license per user can probably be reduced. However, the server license is okay. The license fee is paid based on the new release of Windows Server.

We integrated the product into LDAP, which is Lightweight Directory Access Protocol. I would recommend the solution to others. It is easy to deploy the tool on-prem. Overall, I rate the product a ten out of ten.

We use Microsoft Active Directory as an identity provider. Active Directory checks users and accounts.

It is extremely easy to use compared to the other identity providers. It also allows us to have group policies for all sorts of authentication. It also supports Cisco's 802.1X authentication. Moreover, it’s easy to integrate with any kind of product that will support Active Directory authentication.

It is mostly useful for its group policies. We can achieve everything with it, including some kind of restrictions on the users or servers. It is easy to handle, and it gives a hundred percent results with the group policies. Also, there has been significant improvement with the newer version, especially for Active Directory 2016.

Most of the features which are required for the active directory are already introduced into the Azure Active Directory. If you are using the Active Directory, the main concern is that the policy is restricted to the specific local area network. The users may not be in that specific local area network, like the office network, and won't get the updates and new policies.

However, upgrading is not easy because it has to come in a hierarchy from top to bottom. If you are a global administrator and have limited rights, it might be difficult as you are responsible for the whole entity. 

I have been using Microsoft Active Directory for seven years.

It is a stable solution. Azure Active Directory has a very high SLA, but the local active directories face update issues. Those issues need configuring and that is the reason I am giving it a seven out of ten. 

It's easy to scale and in my organization, almost 7,000 users are using this solution. Currently, we are downsizing in Africa and might shift to Azure Active Directory. However, the data is on the cloud, so it won’t affect the processing. I would rate the scalability a ten out of ten. 

My overall experience with the initial setup is satisfactory. My job role and use of Active Directory is very limited to using it as an identity source. At the moment, it is a hybrid model. We have on-premises and private cloud solutions internally. Currently, we are doing an assessment with Azure and AWS and might go with Azure. 

If the data is not that confidential, a company can choose a cloud solution like Active Directory. I would rate the solution a seven out of ten. 

The most valuable feature of the solution stems from the fact that it is very easy to use. The user interface of the product is very easy to use.

Most of the features of the product are not implemented in our company because every employee is involved in their own research and development activities. Microsoft Active Directory restricts most of the features our company's employees want to use since they are involved in research and development activities. The tool should not restrict functions or features for users, and it can be considered as an area for improvement.

I have been using Microsoft Active Directory since 2013.

It is a stable solution. Stability-wise, I rate the solution a nine out of ten.

Every person in my company, which includes around 800 employees, uses the solution.

The tool is extensively used, and there are plans to increase the use of the solution in the future.

The product's initial setup phase was straightforward.

The solution is deployed on an on-premises model.

There are people working on three or four levels in our company involved in the deployment and maintenance process, which includes a manager, a project leader, a project engineer, and a junior engineer.

The deployment process can be carried out with the help of our company's in-house team.

As per the market standard, I would want the current prices of the product to remain the same.

The solution streamlined our company's user management and authentication since it helps us to monitor user activities.

The solution's ability to support our organization's device and user access control stems from the fact that there is a need for us to manage the hierarchy in our company. My company has different hierarchies, so we have used Microsoft Active Directory to manage the hierarchy level in our organization.

I recommended the product to those who plan to use it to use the tool to monitor and analyze the use of devices and data by employees.

The solution's scalability and maintenance help grow our business environment. Since we are an organization that works five days a week, the maintenance part is taken care of on Saturdays or Sundays, which may fall on the second or fourth week of the month. My company regularly maintains and updates the product.

The benefit from the use of the product stems from the fact that it helps our company to monitor and verify the details of employees.

I rate the tool a seven out of ten.