Microsoft AD vs other Directory Services.
This is a tricky question. Trickier than you may even realize... Why oh why, you ask...
Joking aside, some sort of Directory Structure is always worth implementing. For networks consisting of more than a few clients and some sort of server, it helps a lot by keeping things organized.
Basics
Usually our clients try to compare Microsoft AD to LDAP. You can't really compare the two, as they are different things.
In short, Active Directory is Microsoft's implementation of LDAP, plus more bits and pieces added to manage Windows-based clients and users. (There is more, lots more to it, but let's stick with this short description for now.)
What is LDAP then?
LDAP stands for Lightweight Directory Access Protocol and is a standard developed for accessing directory services. In short, it is a platform-independent way of talking to directory services.
If you need to compare AD to another solution, you need to compare AD to a directory service such as OpenLDAP or Synology Directory Server.
Key points to remember:
- LDAP is a protocol, not directory service software. While it is open, meaning not controlled by a single company, you need a software suite to act as the directory service and use LDAP as a way of talking to it. There may be a cost associated with such software, even though LDAP as a protocol is free.
- You can get a Directory Service as part of a bigger software/hardware package, such as with a Synology NAS. Synology Directory Service is free by itself, but you still need Synology hardware to run it on.
- AD is Microsoft's proprietary technology, although you can use the LDAP protocol to "talk" to it.
- AD requires licensing.
What's the purpose of Directory?
In broad terms, Directory Services let you organize your users, computers, contacts and so on, so think of a directory as a centralized repository of your IT services.
Let's say you need to authenticate a user to use your network or a VPN service, or perhaps you want to maintain a company-wide address book accessible not only by your employees but also from a printer or a digital sender device, and so on.
Having things centralized and managed has a huge benefit when it comes to the time needed to administer the whole thing, and it cuts the errors associated with maintaining separate data repositories.
We won't be diving into details of how it works, just try to realize the benefit of having it running in your IT environment.
Differences between AD and other Directory Services implementations
Let's take a look at two Directory Services solutions and compare them with Microsoft AD.
OpenLDAP - It's an open source project. Highly customizable and flexible. You also can't beat the price, but...
Microsoft AD offers more than just a directory service, such as GPO (Group Policy Modeling), and if you are primarily a Windows environment it can be beneficial, as it is tightly integrated with the OS. Another factor in favour of AD is a solid GUI and the ease of finding a partner or acquiring in-house knowledge of administering it.
Which option is better for me?
It depends on your needs. If you want to implement a directory service in a mixed environment, or don't plan to integrate with Azure AD, OpenLDAP or Synology Directory Service may be just what you need. On the other hand, if you are a Windows-based shop, AD offers way more features that you can use to manage your environment.
The purpose of this short post is not to give you an answer, but rather to get you into thinking mode.
Plan for your specific scenarios and consider different options available.
Keep in mind that any IT infrastructure project should be evaluated to fit your specific needs. Also consider service availability, as it is crucial in the case of Directory Services. You shouldn't be running it on a single server/device. So plan accordingly.
Remember - when your directory service goes down, you're in deep, so make sure your implementation is rock-solid.
We are always here to help with your projects.