Comparing Active Directory and Entra ID

• Microsoft’s Entra ID hosted identity and access management service has largely superseded on-premises Active Directory.
• Active Directory retains a role for on-premises systems and applications, and integration with Active Directory Federation Services
• Only the smallest organizations can consider retiring Active Directory at this time.

Active Directory Domain Services (AD DS) continues to be the hub of identity and access management for many organizations’ networks and on-premises systems. However, Microsoft’s hosted Entra ID service (previously called Azure Active Directory [AAD]) is required to use almost all Microsoft-hosted services. Customers with significant on-premises Windows Server infrastructures should understand Microsoft’s direction with enterprise identity and access management (IAM), which frequently requires adoption of Entra ID paid tier subscriptions for most or all users.

The Role of Active Directory

AD DS, sometimes referred to as Active Directory or AD, has been the core of Microsoft’s IAM infrastructure since Windows 2000. AD DS is a Windows Server role and requires Windows Server Client Access Licenses (CALs) for all users or devices accessing the service. The services offered by AD DS include a directory of users and computers that is compatible with Lightweight Directory Access Protocol (LDAP). AD DS also provides the authentication infrastructure needed for users to access AD-compatible services and applications including Windows Server file shares, and many deployments of SQL Server.