The State of Microsoft Hybrid Client Identity Management

• Azure Active Directory serves a distinctly different role than Active Directory was designed to perform.
• Care and feeding of both directory technologies is still necessary for the foreseeable future. 
• There is no clear path to retiring Active Directory servers on-premises.

Active Directory (AD) and Azure Active Directory (AAD) were designed to meet two very different sets of requirements, decades apart. The simplified infrastructure and management of AAD appeals to many administrators, raising the possibility of retiring on-premises farms of AD domain controllers. However, AD enables complex infrastructure and trust scenarios that ADD is not expected to ever support. Combined with the requirements of layers of legacy applications, organizations will need to maintain AD for the foreseeable future even as they come to rely more and more on AAD. The dependency on aging AD infrastructure is particularly important as it receives limited updates from Microsoft, while becoming an increasing point of attack by bad actors.