Active Directory
Definition
Microsoft's identity and access management service. Like a master key system for all your digital doors - one login for everything.
Use Cases
- Netflix: Centralized workforce authentication and authorization for corporate systems — Netflix has publicly discussed using AWS for parts of its infrastructure and using AWS Directory Service to integrate directory-based authentication for employees and systems that require Microsoft Active Directory-compatible domain services. (Reduced operational overhead for maintaining directory infrastructure and enabled consistent access control patterns for enterprise applications that rely on AD-compatible authentication.)
- Spotify: Enterprise identity integration for employee access to internal tools and services — Spotify has publicly shared its use of Google Cloud in parts of its platform and can use Google Cloud’s Managed Service for Microsoft Active Directory to support AD-dependent workloads and integrate with Windows-based systems where required. (Improved reliability and simplified administration for AD-dependent services while keeping identity management aligned with enterprise security practices.)
Provider Equivalents
- AWS: AWS Directory Service
- Azure: Microsoft Entra Domain Services
- GCP: Managed Service for Microsoft Active Directory
- OCI: OCI Identity and Access Management (IAM)
Frequently Asked Questions
- What's the difference between Active Directory and Microsoft Entra ID (Azure AD)?
  - Active Directory (often called AD DS) is designed for Windows domains and supports protocols like Kerberos and LDAP plus Group Policy for managing Windows devices. Microsoft Entra ID (formerly Azure AD) is a cloud identity service focused on web and SaaS apps using modern protocols like OAuth 2.0, OpenID Connect, and SAML. Many organizations use both: AD DS for on-prem/Windows domain needs and Entra ID for cloud app sign-in and conditional access.
- When should I use Active Directory?
  - Use Active Directory when you need Windows domain features such as joining Windows servers/PCs to a domain, applying Group Policy, using Kerberos/LDAP authentication, or supporting legacy applications that expect AD. If you mainly need single sign-on to cloud apps (Microsoft 365, Salesforce, etc.) without Windows domain requirements, a cloud identity provider like Microsoft Entra ID may be sufficient.
- How much does Active Directory cost?
  - Active Directory Domain Services on Windows Server doesn’t have a separate per-user AD license, but it requires Windows Server licensing for domain controllers and typically Client Access Licenses (CALs) for users/devices accessing Windows Server services. If you use a managed cloud directory, pricing is usually based on the directory type/edition, number of domain controllers, and usage (for example, AWS Directory Service and Microsoft Entra Domain Services have hourly charges plus additional costs for networking, backups, and related services).
Category: security
Difficulty: intermediate