Managed Domain Controller

A domain controller is a server dedicated to authenticating user identities. Traditionally, domain controllers have been found on-prem and are used to help manage user access to on-prem IT resources. However, as more IT resources move to the cloud, more IT organizations would like a managed domain controller to match.

A managed domain controller is effectively a cloud-based authentication solution. Cloud-based authentication solutions can offer a number of benefits compared to the on-prem approach. In order to reveal those benefits, let’s first explore the characteristics of traditional domain controllers to understand how managed domain controllers stack up.

Characteristics of Legacy Domain Controllers

The concept of a domain controller was first introduced by Microsoft® Active Directory® (AD) in 1999. At the time, IT networks were predominantly built for a Windows® environment and located on-prem. That meant that traditional domain controllers were effectively designed to manage user access to on-prem, Microsoft IT resources.

The benefit of the on-prem domain controller was that Windows systems could be securely connected to an organization’s IT network upon login, enabling users to access the provisioned resources that were bound to the network. It was frictionless for the end user, and IT had central control.

This approach worked well when IT resources were on-prem and Microsoft-centric. However, the effectiveness of the on-prem domain controller started to break down as the IT landscape began to shift to the cloud.

The Fall of the Conventional Domain Controller

The adoption of web applications like Salesforce and Box in the mid-2000s signalled the beginning of the end for on-prem domain controllers. Suddenly, end users didn’t have single sign-on (SSO) access to all of their IT resources by simply logging into their systems. Instead, they had to leverage a wide range of credentials for multiple logins.

The result was that IT admins began to patch the approach with first-generation IDaaS solutions, otherwise known as web application SSO. The trouble with this approach was (and still is) that it requires IT organizations to implement and manage multiple tools and solutions. Thus, adding complexity and cost to an (Read more...)

*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at:

Vince Lujan

Vince is a documentation and blog writer at JumpCloud, the world’s first cloud-based directory service. Vince recently graduated with a degree in professional and technical writing from the University of New Mexico, and enjoys researching new innovations in cloud architecture and infrastructure.
