My main use cases for Microsoft Active Directory are to manage user access and credentials.
Microsoft Active Directory enables centralized management of user identities and permissions, integrating seamlessly with cloud services via Azure AD Connect. Its support for hybrid environments makes it essential for businesses looking to manage authentication, authorization, and access control efficiently.


| Product | Mindshare (%) |
|---|---|
| Microsoft Active Directory | 3.0% |
| Okta Platform | 10.3% |
| Microsoft Entra ID | 9.2% |
| Other | 77.5% |

| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Microsoft Entra ID | 4.3 | 9.2% | 95% | 276 interviews |
| Okta Platform | 4.3 | 10.3% | 96% | 117 interviews |

| Company Size | Count |
|---|---|
| Small Business | 18 |
| Midsize Enterprise | 7 |
| Large Enterprise | 19 |

| Company Size | Count |
|---|---|
| Small Business | 108 |
| Midsize Enterprise | 57 |
| Large Enterprise | 152 |

Active Directory offers a robust framework for network and identity management, focusing on scalability and ease of use. Its integration with Single Sign-On enhances user convenience by synchronizing login credentials across cloud and on-premises applications. While it efficiently manages security protocols, scalability, and third-party application integration, users note areas for improvement like better reporting capabilities, a modernized interface, improved synchronization between on-prem and cloud setups, and streamlined configurations.
What are the essential features of Microsoft Active Directory?

In industries like finance and healthcare, Active Directory is implemented to manage sensitive data access and user authentication across complex networks. Retailers rely on its scalability for managing vast customer and product datasets, while educational institutions utilize its centralized management features to efficiently administer student and faculty permissions across multiple applications and platforms.

| Author info | Rating | Review Summary |
|---|---|---|
| IT Operations & Security at veris | 4.0 | I use Microsoft Active Directory mainly for user access management; its Single Sign-On is helpful, though it raises security concerns. It's stable and scalable, but support can be slow. Overall, I’d rate it 8 out of 10. |
| Owner at Syntlogo GmbH | 4.5 | I've used Microsoft Active Directory for over 20 years to centralize user management and streamline authorization, though integration with third-party apps and pricing could improve. It's stable and valuable, especially as we move toward hybrid cloud environments. |
| Technical Specialist at Infosys | 4.5 | I use Microsoft Active Directory as a reliable, centralized tool for user management and troubleshooting, especially checking group memberships. Its third-party integration is strong, though email group sync can be slow. Overall, I rate it a 9/10. |
| Network & Security Section Head/Digital Transformation at a government with 201-500 employees | 4.5 | I’ve used Microsoft Active Directory for three years and find it stable, scalable, and easy to set up, though ADFS is complex on-premises. Group Policies are especially helpful, despite high cloud costs and no direct ROI. |
| Senior Consultant at HCLSoftware | 4.5 | Active Directory provides centralized identity and access management and integrates well with Microsoft products like Windows and Office 365. Its valuable features streamline user management, though improved group management and report generation are needed due to current UI limitations. |
| Network Security Administrator at a retailer with 51-200 employees | 3.5 | We use Microsoft Active Directory to efficiently manage users and computers with over 200 employees. Its features, such as OUs and groups, integrate well with Microsoft products, though improvements are needed in Group Policy functionality. We utilize Microsoft Azure. |
| Regional IT Infrastructure Manager at a retailer with 5,001-10,000 employees | 4.0 | We use Microsoft Active Directory in a hybrid environment with Azure Directory on-premises. Its group policies are valuable for setting password policies, but migrating fully to the cloud poses technical and cost challenges, especially due to missing features and subscription fees. |
| Information Technology Specialist at stelios@biolandenergy.com | 4.5 | I find Microsoft Active Directory enhances tools effectively, allowing control over devices through centralized group policies. While useful with noticeable ROI, the synchronization could be simpler, and improvements are needed in usability and update frequency. Previously, I used Spitterest. |
| Senior Infrastructure Engineer at Net Consulting | 4.5 | We use Microsoft Active Directory to control environments for different servers. Its most valuable feature is access control and integration with various applications. However, the solution is complicated to navigate, and we face issues when changing settings that need improvement. |
| Senior Systems Engineer at Virtual IT Group - Australia | 5.0 | I consider this solution a stable, scalable directory service, crucial for Azure AD integration. Despite minor log interface issues and varied customer service, I rate it 10/10 as the best on the market with no comparable competitors. |

The features I find most useful in Microsoft Active Directory are especially for the Single Sign-On. This is very useful for users, particularly if they have plenty of applications, such as tablet applications. When they log in to their computer, the application will automatically log in with their credentials. They don't need to remember another user and password to log in to the application because it's already maintained with Microsoft Active Directory using Single Sign-On.
To assess the impact of Microsoft Active Directory's centralized domain management on security protocols and access permissions, Microsoft Active Directory itself has constraints with security because when we have a solution such as SSO or Single Sign-On, which makes it easier for users to log in, some parts have security openings. When their computer is compromised with a threat, malware, or other cyber threats, it becomes easier to enter the application without login permission.
The best way to protect this is to use Microsoft Defender.
For Microsoft support for Microsoft Active Directory, I would rate it as eight. If I give it 10, it would be too perfect. Eight is fair.
Microsoft should work on the support and ability to solve problems more efficiently. You cannot contact Microsoft directly. Microsoft has partners related to support that can help customers solve issues. When partners are unable to resolve the issue, they will raise the issue to Microsoft headquarters.
This process sometimes takes time while waiting for a solution from them.
I have implemented Azure Active Directory, which is now Entra ID. Azure is a virtual server on the Microsoft cloud.
If you meet the installation requirements from Microsoft, it will be very stable. You can rate it as 10. Since Microsoft has cloud services, it's quite stable. The stability depends on the connection from your organization or office to the internet or Microsoft servers, such as Microsoft Azure.
Microsoft Active Directory is very scalable.
The support for Microsoft depends on what service you purchase from Microsoft. If you purchase retail, the support will be more difficult because they will assess the priority or rating from the customer, especially Microsoft CS. If they see us as not too important or not urgent, they can lower the priority for us. That makes it more difficult to solve problems when facing trouble in the organization or business operation.
Positive
In the previous organization, we had ADFS to control the domain in other branches. They had less sync from the parent or family domain. They did not experience slow login issues with the credentials.
Regarding Microsoft Active Directory's integration with third-party applications, it depends on the requirements. It's not always linked or combined with Microsoft Active Directory.
In my experience, it's difficult to manage Microsoft Active Directory when the server is attacked by a threat or malware. In Microsoft Active Directory, you should have a minimum of two servers. If one server is compromised with malware or cyber threats, it makes some users unable to log in to their desktop. This demands skill to recover Microsoft Active Directory as soon as possible so the business or operation will not have disruption for a long time.
During attacks, the first step is checking the FSMO role in Microsoft Active Directory to identify the healthy server. Then ensure all five FSMO roles are on the server. If not, we can move the FSMO roles including operational roles, schema roles, and others. After ensuring all roles are in the healthy server, we can depromote the broken server and rebuild another one, or restore from backup to previous conditions and restore the roles.
Microsoft has improved many aspects of Microsoft Active Directory. They moved services from on-premise to the cloud, providing Microsoft Azure, and the domain product Microsoft Entra ID. However, Microsoft Entra ID doesn't have a group policy object to manage policy inside the organization under the domain. That's why we still have Microsoft Active Directory on-premise to manage group policy activity.
The ease of use depends on your viewpoint as an engineer or normal user. For IT professionals with experience, it's easy. For new engineers, it takes some time. Currently, with AI solutions, you can ask ChatGPT or Gemini which makes it easier.
With Microsoft services subscription in the cloud, patches focus more on workstation or client workstation rather than Microsoft Active Directory itself, as updates are automatically managed by Microsoft. For on-premise installations, you need to manage updates manually, with settings to handle updates automatically or download them for review and approval.
I recommend Microsoft Active Directory based on organizational requirements. When you need the best tools for authentication, credentials, and domain management for settings and applications, consider Microsoft Active Directory for on-premise installation. If budget is limited for server investments, cloud subscription is the best way to control organization authentication and credentials. Without this solution, managing and controlling workstations becomes difficult, including tracking user access and activities.
Overall rating: 8 out of 10.

My usual use case for Microsoft Active Directory is to share groups of authorization among many different applications. The other use case for Microsoft Active Directory is the authentication of users, but it's less at the moment. I utilize Microsoft Active Directory's group policies for administrative tasks. Group policies are an important part of it.
The features and capabilities of Microsoft Active Directory that I have found the most valuable over the years are that it is a mature technology, it's stable, and it delivers what it promises.
I see there is a bigger development of Microsoft Active Directory with the upcoming Microsoft Entra, a new cloud version of Active Directory, with a lot of additional features. We are expecting many customers using the Active Directory on-premises to migrate to the cloud using Microsoft Entra.
Microsoft Active Directory overall has impacted many organizations by greatly reducing the management of users in every aspect. You manage really centrally. This was the first user registry in identity management, the first concentrated user registry for usage in IT.
I think Microsoft Active Directory could be more intuitive.
My impression of the integration of Microsoft Active Directory with third-party applications is that it can be made better. It's not the tendency of Microsoft to use a standard, but to modify it to their needs. This is catastrophic if you have to integrate other applications that use the same standard. This creates a major problem, so you have to be very careful and implement step by step, knowing that the partner is Microsoft.
I would leave Microsoft Active Directory as it is and possibly build interfaces. For example, there is a provisioning protocol standard named SCIM. It seems that Microsoft Active Directory does not yet have a SCIM interface, which is a problem.
I have been working with Microsoft Active Directory for more than 20 years.
I have never had the chance to communicate with the technical support and customer service of Microsoft Active Directory because I'm outside the real operation of Microsoft Active Directory. I'm an architect that decides, and my colleagues are into that.
Sometimes I have used documentation, guides, or manuals for Microsoft Active Directory. I have a few books about Microsoft Active Directory. There are many books about it.
Positive
Before Microsoft Active Directory, there was no solution. You had a Windows Server where you had to register the user in this server, and on the next server, you had to register the user again. With the arrival of Microsoft Active Directory, you began to bind these servers in a Windows directory domain. So you register the user once and the user could use all the servers in the domain. This was a major breakthrough.
My impression on the pricing and licensing of Microsoft Active Directory is complex. The cost is not straightforward as Microsoft doesn't sell Microsoft Active Directory alone; it sells it as part of the Windows Server, and you get the bundle. If you don't need the Windows Server, they allow you to have users, but the pricing is very unclear.
I consider Microsoft Active Directory expensive because if you buy this thing bundled with the Windows Directory Server, you get five user licenses for about a thousand euros, or a little bit less than this. So it is 200 euros per user. This for only Microsoft Active Directory service is very pricey.
At the introduction of Microsoft Active Directory, many years ago, I evaluated other options theoretically, but they were very complex: you could set up a directory with LDAP, open source LDAP or the Red Hat Directory Server, and underneath you may have used a few Linux protocols to share files.
Microsoft did an excellent job at that time. Users went en masse in the direction of Microsoft Active Directory and domain services, and the success pays off even today.
The impact of Microsoft Active Directory's centralized domain management in the networks of our customers has been huge and it's really a founding stone for the application inside on-premises.
My impression on Microsoft Active Directory Federation Services for secure single sign-on is that if you have a very strong installation base of users and Microsoft Active Directory on-premises, you may build applications using Microsoft Active Directory Federation Services, even allowing users from outside your internet to access your application.
Even in the Entra services, the cloud service of Microsoft, the price is not only for the directory service but for a bundle of services. Microsoft wants to sell the services, and you get the Entra directory included, but you cannot buy the Entra directory alone.
Today, the world is moving against a mixed model between on-premises and the cloud. The pure Intranet is becoming less common. You need other technology exactly the single sign-on and an external user registry. But the first instance of a centralized user registry has been Microsoft Active Directory.
Based on my experience, I rate Microsoft Active Directory a 9 out of 10.

I use Microsoft Active Directory when I need to perform password resets, account unlocks, add users to groups, create users, disable accounts, set account expirations, check memberships, or add licenses. These are the primary tasks I use Microsoft Active Directory for.
I am aware of what single sign-on is, but I don't use Active Directory Federation Services for secure single sign-on.
What I find most useful in Microsoft Active Directory is the ability to check members of groups. I can recall situations where users reach out wanting to access particular folders or Outlook and get errors, often unaware that they don't have access to an Office 365 license. The members tab in Microsoft Active Directory proves most useful for these scenarios.
I believe that the use of Microsoft Active Directory will increase steadily, especially as organizations shift towards cloud solutions. They are moving away from on-premises infrastructure to cloud versions of Microsoft Active Directory and more.
Regarding integration with third-party applications, many have their passwords or login synchronized with Microsoft Active Directory. When we reset the password for one application, it resets for all. Not only passwords, but the login methods are set up for all other applications. Users do not have to remember different passwords for all applications; they just need to log into one Microsoft application, whether it's Outlook, Teams, or whatever they want to log in to, and through that, they can access all other applications.
I haven't explored all the features of Microsoft Active Directory yet, as I'm still learning and exploring all the options within the platform.
There is one minor improvement I can suggest. Sometimes when we create email groups in Microsoft Active Directory and add someone to that group, it takes around 24 to 48 hours for their email account to be synchronized with their Microsoft Office 365 shared mailbox, distribution list, or group. If that time could be reduced, it would be really beneficial for us and the end user. When adding an account through Microsoft Exchange, it syncs within 10 to 15 minutes, but when using Microsoft Active Directory, it takes around 24 to 48 hours. Reducing this synchronization time would be beneficial.
I have been working with Microsoft Active Directory for at least three years.
I have never communicated with the technical support and customer service of Microsoft Active Directory.
Positive
I have used Microsoft Active Directory's group policies for administrative tasks.
Applying policies or rules on particular users, systems, computers, and printers one by one is really challenging, so the group policy deployment option is one of the best options to deploy group policies at once to a particular set of people or to a particular group.
Microsoft Active Directory is the most centralized tool for my organization, which has impacted us positively. We can reset passwords for all users at once, add anyone to any group, and check the members tab. Being a part of tech support, it is really easy for us to troubleshoot end-user issues through Microsoft Active Directory. It makes our work easier, so it is really beneficial for our information technology needs.
In my organization, most of the tools being used are from Microsoft, so it is really good and largely expandable.
Microsoft Active Directory serves as our centralized tool for handling most cases, around 70% of them, which I manage with its help, and it never fails. Even recently, there was an issue with CrowdStrike, but we haven't seen anything similar with Microsoft Active Directory to date. It is reliable, and we have not faced any issues thus far.
On a scale of 1-10, I rate Microsoft Active Directory a 9.

The features of Microsoft Active Directory that I find most valuable are the normal features, such as LDAP, authentication, roaming profiles, and file server.
I have utilized Microsoft Active Directory Group Policies for administrative tasks.
These Group Policies provide enhancement, helping to reduce administrative overhead and enhance productivity.
Microsoft Active Directory Federation Services is very difficult for on-premises solutions, while for the cloud solution, it's very easy.
I mentioned that ADFS can be very difficult for on-premises versions and that it could be simplified or changed.
I have experience working with Microsoft Active Directory for three years.
In my environment, all integration with Microsoft Active Directory is very easy.
I find Microsoft Active Directory to be a stable solution.
I believe Microsoft Active Directory is a scalable solution for any environment.
On a scale of one to ten, I would rate technical support from Microsoft Active Directory as a nine.
Positive
Before implementing Microsoft Active Directory, we didn't use any other solutions.
I find the initial setup of Microsoft Active Directory easy, as we can implement it in a couple of minutes.
I currently see no direct return on investment from this solution, but there are cost savings, time savings, and other benefits.
For the cloud solution in our region, the pricing of Microsoft Active Directory is very high.
There is currently nothing I can suggest for the enhancement of Microsoft Active Directory, as it is a good solution and performs well. On a scale of one to ten, I rate Microsoft Active Directory a nine out of ten.

Active Directory provides centralized identity and access management, and it integrates well with many Microsoft products, which are very prevalent. We have end-user systems like Windows 10 or 11, SharePoint, and the mailing solution Exchange or maybe Office 365. It works well with all these things, and that's the reason we have chosen Active Directory.
One valuable feature is the centralized creation of IDs. Another is the creation of groups, which helps us to compartmentalize access or controls. Additionally, the delegation capability allows us to limit access for managing the Directory. This is really time-saving since I don't need to create users in each server or system manually, and user access control is streamlined. Permissions can be granted to a group or specific folder with one or two clicks in Active Directory, avoiding the need to add groups or people individually.
Even better group management would be beneficial. Creating and searching through groups can be challenging, especially if I need to export data. Exporting and verifying group memberships require command line scripts, which isn't simple. The current Active Directory UI is limited in report generation, necessitating script knowledge to generate various reports.
I have used this solution for about five to ten years.
The solution is stable. With multiple domain controllers, stability is ensured. There are no issues regarding stability, and I would rate it between nine and ten, possibly even ten.
On a scale from one to ten, I would rate their customer service a seven. Sometimes support takes long to engage and resolve, extending over weeks or even months.
Neutral
The initial setup is not completed in minutes, yet not in days either. I would say it takes maybe hours, around one or two, for deploying Active Directory. It depends on whether it's for an existing setup, which takes hours, or a new setup, which might take four to five hours to configure Active Directory, install it, and prepare sites, services, and the network.
The solution is really time-saving since I don't need to create users in each server or system manually, and user access control is streamlined. Permissions can be granted to a group or specific folder with one or two clicks in Active Directory, avoiding the need to add groups or people individually. A lot of time is saved with centralized user management.
I definitely recommend it. I can rate it nine out of ten. It's a good solution.

The use cases for Microsoft Active Directory are managing all users on-premises. We have over 200 employees and multiple computers, approximately over 200 computers. We have shared computers and shared user accounts, which is why we use Microsoft Active Directory, along with Group Policy and all that other functionality that comes with it.
The best features of Microsoft Active Directory are the OUs, the groups, and how everything is set up relatively quickly. If I change a password or need to reset a password, the information propagates relatively quickly, and the structuring inside is easy to understand and use. It also works effectively with other Microsoft products.
I would assess the impact of Microsoft Active Directory's centralized domain management on our organization's security protocols and access permissions as satisfactory. Our protocols are relatively good, but with different vendors, many that need service accounts utilize legacy systems which aren't up to par, requiring us to make exceptions.
There are a few areas that could be improved with Microsoft Active Directory, along similar lines as Intune. Not too much on the support side, but on the Group Policy side, it doesn't always function as intended. Sometimes, it can be overly complicated, and when you apply Group Policy in an Active Directory environment, sometimes those settings apply and sometimes they don't.
I've been using Microsoft Active Directory for over 3 years, and we've had no problems. It runs continuously, so it's always operational.
The deployment experience was rated as seven out of ten.
I've been working with Microsoft Active Directory for over 3 years, and we've had no problems. It runs continuously, so it's always operational.
Microsoft Active Directory scales effectively; I don't foresee any issues with that at all.
The initial setup of Microsoft Active Directory is complicated, especially with an existing Active Directory. You have to demote the existing AD, promote the new AD, and set up synchronization between the two, as you should always have two Active Directories so they replicate between one another.
The pricing, setup cost, and licensing with Microsoft Active Directory are straightforward; you just buy the server and then have to buy the user CALs.
I have used Microsoft Active Directory for a long time, but not with Intune, just as a stand-alone solution. I now use Microsoft Active Directory along with Intune.
Microsoft Active Directory Federation Services for secure single sign-on has worked effectively. We don't utilize it with other businesses, but with the whole hybrid and Intune AD and the sync between everything, it functions relatively smoothly.
The integration of Microsoft Active Directory with third-party applications has helped with interoperability in our IT environment. Examples include different applications we've utilized before, such as NetGate, where we use the LDAP feature built into Microsoft Active Directory for single sign-on. We've used it for other open-source software and proprietary software integrating ADFS, which has been helpful for authenticating against the domain to other third-party applications.
On a scale of 1-10, I rate Microsoft Active Directory a seven.

We are still on a hybrid environment where we have Azure Directory on-premises, and sync it up to Microsoft.
The password policy helps enforce security protocols by requiring complex passwords and frequent password changes. Additionally, we do not allow users to reuse their last twelve passwords.
The features that I found most effective are the group policies. They allow us to set password policies and other specific setups in the end-user object.
The challenge everyone now has in mind is how to really migrate fully to the cloud. Many companies face both technical and cost-related challenges when moving from on-premise Active Directory to Microsoft Entra. Additionally, not all features available on-premises, such as the RADIUS server, are available in the cloud, necessitating alternative solutions. Moreover, the cost of migrating to the cloud is a significant hurdle due to the yearly subscription fees.
I have been using the solution for around ten years.
We have no complaints regarding the stability of the solution. I would rate the stability nine out of ten.
I rate the scalability a seven out of ten. There are many dependent objects to check, such as compatibility of RADIUS servers, which require time and technical checks.
I have contacted Microsoft support before. The experience can vary; sometimes it is good, and other times it is bad. Much depends on the help desk. My rating for tech support is five out of ten.
One recommendation for improvement is that support should correspond with the preferred mode of communication indicated in the ticket. Additionally, they should be aware of user time zones to avoid calling at inconvenient times.
Neutral
I have seen value in using Microsoft Active Directory. While it may not return a direct financial ROI, it is a critical part of our infrastructure alongside other solutions like Google Directory.
Microsoft Active Directory can be a suitable choice if you want a suite of Microsoft products like PowerPoint and other Office tools. However, the choice between Google and Microsoft depends on the company's nature of business.
I'd rate the solution eight out of ten.

I find the product makes it easier to enhance various tools with Microsoft Active Directory. Active Directory can be on-premises and can also synchronize with the online version of Microsoft Entra.
I find the solution very useful. I can control all the devices in my domain by just changing the group policies in one place.
Perhaps the synchronization could be simpler and more controllable. There are some features that need improvements in terms of ease of use and frequency of updates.
I have used the solution for ten years.
As I said before, there are some things that can be done to improve the integration, mostly with other solutions.
I have never used technical support. I like to solve my own problems.
Neutral
I have always used Spitterest.
I find the setup straightforward, except if I want to make some customizations, it becomes more complicated.
Implementation is done in-house.
I do see a return on investment with this solution.
I'd rate the solution nine out of ten. I find the solution clear.

We use the solution to control environments for different servers.
The solution's most valuable feature is access control and integration with different applications.
The solution is complicated to navigate. We encounter issues while changing the settings. They should improve these particular features.
We have been using the solution for seven or eight years.
The solution is relatively stable.
It is a scalable solution. We can create multiple active directories using it.
The complexity of the solution's initial setup process depends on the environment. It takes a couple of weeks for simple setups and around a month for complicated structures.
We implement the solution with the help of our in-house team.
We have to purchase a license for the solution.
I rate the solution a nine out of ten. It works well in terms of functions and regular backups of the configuration.

Our company is one of Australia's largest virtual IT groups with more than 120 users and 15 managers.
We use the solution as an on-premises domain controller for our customers under various environments.
Some customers have on-premises servers and domain controllers so the solution is installed and managed locally.
Other customers have on-premises servers but want to migrate their mail server to Office 365 so we pair the solution with Azure AD's cloud service to create a hybrid model. The same passwords can be used for the solution and Azure AD by syncing them together through a password writeback process in Azure AD Connect.
A third group of customers work only with Office 365 in cloud environments so we deploy only Azure AD for those use cases.
The solution's most important feature is that it can merge with a cloud-based active directory via Azure AD Connect. Managing active directories that are stored in two different places is a nightmare for network administrators and users, so this is an important feature.
The solution supports and can integrate with both on-premises and cloud-based third-party applications such as Azure VPN, P2S, Intune, and MDM. Pairing with Azure AD to accomplish this is a unique feature.
The interface for logs should be user-friendly and allow for enhanced filtering to drill down to incidents. It is time-consuming to get a clear picture and review deviations in conditional policies because you have to check each and every log to find information on malicious attacks, a compromised end-user's account, or phishing emails.
The logs for sign-ins and auditing should be available for more than a 30-90 day window.
Most logs are displayed in UTC but it would be helpful to include time conversions for tenant regions. Currently, we must do time conversions manually before we contact users to share information and troubleshoot issues.
I have been using the solution for ten years.
The solution is stable and offers one of the best directory services in the world.
The solution is scalable to any need with the purchase of the appropriate license. It is easy to integrate or migrate to the next level when scaling.
I have escalated some issues to technical support and think their assistance is average but it depends on the technical capabilities of the representative who is assigned to help.
Sometimes we get a representative who can recognize the problem and give us exact solutions because they are capable of scheming the issue.
Representatives who cannot scheme an issue have difficulty providing us with a solution.
We have been using the solution for years and have adjusted our deployments to new environments.
When Office 365 was introduced in 2015, there was some confusion about how to authenticate users with on-premises active directories where identities and authorizations for several applications were managed.
We introduced Azure AD for use with the solution to integrate Office 365 with our clients' environments. This created a conflict because every user now had two usernames and two passwords.
To mitigate the conflict in those days, we used AD FS to set a 15-minute time interval which would sync on-premises AD with Azure AD. Information from a user reset in AD would push to Azure AD within a few seconds so this allowed users to log in to Office 365 email from anywhere in the world.
By 2019, AD FS was a legacy system so we moved to Azure AD Connect which can be installed on an on-premises domain controller. Connect accomplishes the same things as AD FS but includes additional features for syncing.
The setup for the solution is a bit more difficult than Azure AD because it needs to be configured for the on-premises environment.
There are basic steps to guide deployment so an engineer with overall knowledge of AD should not have issues.
Deployment times vary based on project scope. A deployment with many users, groups, conditional policies, and configuration policies can take up to six hours. An average deployment with a basic setup can be completed in two hours.
We implement the solution for our customers.
The solution is based on a licensing model. Some users of Office 365 are provided with a free license. Our company uses P1 and P2 licenses.
Cost considerations should also include the value of company infrastructure and data. Cost is calculated per user but that does not matter if the alternative is to lose your data because of authentication issues.
The priority should be securing your data. Fewer users means less cost, but large-scale operations with 2,000 users clearly have important data within their organization and need to protect it.
The solution is the most reliable and easiest directory service in the world so we became Gold partners to fully support it.
The only issue is cost for customers. But if you choose another product, you will face technical challenges with integrations because everyone uses the solution or its cross-platform option Azure AD for things like deploying firewalls in FortiGate.
In those cases, authenticating VPN users is easy because Azure AD is in the same cloud and allows use of its identity server for LDAP authentications using the same protocols, usernames, and passwords as Office 365. We also use Microsoft Authenticator Application for multifactor authentication that provides push notifications and secondary authentications.
We chose the solution because it easily handles improvements and integrations.
The solution is one of the best in the world and includes B2C and C2C features that allow guest access, external access, and cross-authenticating two organizations. There is no comparable tool that provides the full range of features offered with the solution.
Before choosing a license, think like an architect and do a feasibility study to determine the critical features you need rather than just selecting the most expensive license with all available features. Look at your environment to select the best solution.
For example, if you deploy emails in G Suite or IBM Lotus Cloud there is no point in utilizing the solution. But if you want to migrate email from G Suite or Dropbox to Office 365, then the solution can handle delegation of users and file permissions via SharePoint and Active Directory.
I rate the solution a ten out of ten because it is the best solution available in the market. The solution has a few log issues but it is still rated a ten because there is no comparable option. If you have a BMW with minor issues, you can go with a Mercedes-Benz or Rolls-Royce so there are replacement options. But the solution stands alone with no real competitors.