Question 1

What's the difference between Active Directory and Microsoft Entra ID (Azure AD)?

Accepted Answer

Active Directory (often called AD DS) is designed for Windows domains and supports protocols like Kerberos and LDAP plus Group Policy for managing Windows devices. Microsoft Entra ID (formerly Azure AD) is a cloud identity service focused on web and SaaS apps using modern protocols like OAuth 2.0, OpenID Connect, and SAML. Many organizations use both: AD DS for on-prem/Windows domain needs and Entra ID for cloud app sign-in and conditional access.

Question 2

When should I use Active Directory?

Accepted Answer

Use Active Directory when you need Windows domain features such as joining Windows servers/PCs to a domain, applying Group Policy, using Kerberos/LDAP authentication, or supporting legacy applications that expect AD. If you mainly need single sign-on to cloud apps (Microsoft 365, Salesforce, etc.) without Windows domain requirements, a cloud identity provider like Microsoft Entra ID may be sufficient.

Question 3

How much does Active Directory cost?

Accepted Answer

Active Directory Domain Services on Windows Server doesn’t have a separate per-user AD license, but it requires Windows Server licensing for domain controllers and typically Client Access Licenses (CALs) for users/devices accessing Windows Server services. If you use a managed cloud directory, pricing is usually based on the directory type/edition, number of domain controllers, and usage (for example, AWS Directory Service and Azure Entra Domain Services have hourly charges plus additional costs for networking, backups, and related services).

Active Directory

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms