
Active Directory (AD)

What is Active Directory?

Active Directory (AD) is a Microsoft directory service that plays a central role in managing users, computers, and other resources within a network. It acts as a centralized repository of information, providing a hierarchical structure for organizing and managing network objects. 

Think of it as a comprehensive address book and security system for your entire IT environment. At its core, Active Directory stores information about various objects, including:

  • Users: Employee accounts, login credentials, contact information, and group memberships.
  • Computers: Workstations, servers, and their associated settings.
  • Groups: Collections of users and computers for simplified management and access control.
  • Printers: Networked printers and their configurations.
  • Shared Folders: Network locations for storing and sharing files.

How Active Directory works

Active Directory uses a hierarchical structure based on domains. A domain is a logical grouping of network objects that share a common directory database. Within a domain, objects are organized into Organizational Units (OUs), allowing administrators to group users and computers for easier management.

Key components of Active Directory include:

  • Domain controllers: Servers that store the Active Directory database and handle authentication requests.
  • Group policy: A set of rules and settings that control the working environment of user accounts and computer accounts.
  • LDAP (Lightweight Directory Access Protocol): A standard protocol used to access and manage directory information.
  • Kerberos authentication: A secure authentication protocol that verifies user identities.
  • DNS (Domain Name System): A hierarchical naming system for computers, services, and other resources connected to the internet or a private network.

Active Directory functions as a centralized system for managing network resources, leveraging its hierarchical structure and key components, such as domain controllers, group policy, LDAP, Kerberos authentication, and DNS, to ensure efficient and secure directory management.
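The domain and OU hierarchy described above is what an LDAP client addresses when it talks to a domain controller: every object has a distinguished name (DN) built from its common name, its chain of OUs and the DNS labels of its domain. The following is an added example, not part of the glossary, that builds and parses such names for a constructed domain `corp.example.com`, escaping the characters RFC 4514 reserves so that a name containing a comma cannot alter the object's position in the tree.

```python
# Added example, not from the Strata glossary: how AD's domains and OUs are
# addressed over LDAP as distinguished names (DNs). Names below are constructed.
# RFC 4514: characters that must be backslash-escaped inside an RDN value.
_SPECIAL = set(',+"\\<>;')

def escape_rdn_value(value):
    """Escape a value so it can be embedded in a DN without changing its structure."""
    out = []
    for i, ch in enumerate(value):
        needs = ch in _SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1))
        out.append("\\" + ch if needs else ch)
    return "".join(out)

def domain_dn(dns_name):
    """corp.example.com -> DC=corp,DC=example,DC=com (the domain's naming context)."""
    return ",".join("DC=" + escape_rdn_value(label) for label in dns_name.lower().split("."))

def ou_search_base(dns_name, ou_path):
    """OU path listed from the domain root downward, e.g. ["Sales", "EMEA"].
    A DN names the most specific component first, so the path is reversed."""
    ous = ["OU=" + escape_rdn_value(ou) for ou in reversed(ou_path)]
    return ",".join(ous + [domain_dn(dns_name)])

def object_dn(cn, dns_name, ou_path):
    """DN of a user or computer object placed in the given OU of the domain."""
    return "CN=" + escape_rdn_value(cn) + "," + ou_search_base(dns_name, ou_path)

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped char: keep it literally
            buf, i = buf + dn[i + 1], i + 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    return [tuple(p.split("=", 1)) for p in parts]

def locate(dn):
    """Report the domain and OU path (root-most first) that a DN places an object in."""
    pairs = split_dn(dn)
    domain = ".".join(v for a, v in pairs if a.upper() == "DC")
    ou_path = [v for a, v in pairs if a.upper() == "OU"][::-1]
    return {"name": pairs[0][1], "domain": domain, "ou_path": ou_path}
```

`ou_search_base` yields the base DN you would hand to an LDAP search to enumerate everything under one OU, while `locate` does the reverse for a DN returned by the directory.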

View Strata’s recipes for Active Directory, which highlight our Identity Continuity solution, and the ability to securely authenticate with AD if your primary Identity Provider (IDP) is ever unavailable.

Active Directory vs Azure Active Directory (Azure AD), now Microsoft Entra ID

With the rise of cloud computing, Microsoft extended Active Directory to the cloud with Microsoft Azure Active Directory or Azure AD. Not surprisingly, there was a lot of confusion around these two products with such similar names. So in 2023, Azure AD became Microsoft Entra ID. 

Microsoft Entra ID provides identity and access management services for cloud-based applications and services. 

Differences between Active Directory and Microsoft Entra ID

Active Directory (AD) and Azure Active Directory (Azure AD) are both identity and access management solutions from Microsoft, but they serve different purposes and operate in different environments.

 

| Feature | Active Directory (AD) | Microsoft Entra ID / Azure Active Directory (Azure AD) |
|---|---|---|
| Environment | On-premises | Cloud-based |
| Primary Use Case | Manages on-premises infrastructure like computers, users, and groups in a corporate network. | Manages access to cloud-based applications, SaaS services (e.g., Microsoft 365), and hybrid environments. |
| Protocols | Kerberos, LDAP, NTLM | OAuth 2.0, OpenID Connect, SAML, WS-Federation |
| Domain-based | Relies on domain controllers for centralized authentication. | Domain-less; designed for cloud-first environments. |
| Device Management | Provides Group Policy for configuring devices in the network. | Integrates with Intune for modern device management. |
| Application Focus | Focuses on local resources (e.g., file servers, printers). | Focuses on cloud resources (e.g., Microsoft 365, Azure). |
| Hybrid Capabilities | Can integrate with Azure AD for hybrid scenarios using tools like AD Connect. | Works natively in the cloud; can extend identity to on-premises resources. |
| Authentication | Primarily for Windows-based authentication. | Supports cloud authentication and third-party SaaS. |

Reliance on Active Directory as an on-premises directory service is not what it once was, as more and more organizations move to the cloud. However, identity modernization has traditionally not been a straightforward process; many companies still rely heavily on Active Directory and will continue to do so for the foreseeable future.

Check out our comprehensive Orchestration “Cookbook”, which covers how to modernize your multi-generation Microsoft Identity services.

Learn how to address hybrid identity fragmentation across on-premises and Azure Active Directory (AD).

Modernize any app with any IDP in minutes. Join the 'Orchestration Kitchen' workshops.
