On-Prem Active Directory (1999 to Zombie)

Active Directory is the most successful piece of enterprise software that nobody chooses anymore. It runs 90% of Fortune 500 backends and 0% of new deployments.

Born 1999 · Still dying · Status: zombie

Certificate of Death

Name of decedent: On-Prem Active Directory

Born: 1999
Died:
Age: 27+

Cause of death: Remote work and SaaS adoption made the on-prem domain controller indefensible

Survived by: Microsoft Entra ID, Okta, JumpCloud, Google Workspace

Invented by: Brian Valentine's team at Microsoft

Status: Zombie
Final breath: 2032

Filed by D. Gupta · guptadeepak.com

The hook

I have not seen a new on-prem Active Directory deployment win a competitive bake-off since 2022. AD runs 90% of Fortune 500 identity backends. Both statements are true.

Thesis. Active Directory is not dying from a feature gap. It is dying from a model gap. The 'trusted network' it was designed to protect does not exist anymore.

The story

The origin

Windows 2000 launch, February 2000. AD replaced NT domains, brought hierarchical organization, and became the spine of enterprise IT for the next two decades. Every employee, every laptop, every printer, every login.

The peak

2015 to 2018. AD was the moat around the enterprise. Group Policy, Kerberos tickets, LDAP queries, the works. The infrastructure team that ran AD was the most important team in IT.

The first crack

2020 pandemic. Forced 100M+ people off the corporate network overnight. AD's perimeter assumption broke. The 'inside the firewall' state stopped being a thing for most knowledge workers.

The Microsoft pivot

Microsoft itself stopped recommending AD for greenfield deployments. Entra ID became the answer. The rebranding from Azure AD to Entra ID in 2023 was the strategic signal: cloud is the direction.

The zombie state

Too expensive to migrate, too risky to leave. Hybrid configurations multiply. Average AD-to-Entra ID migration costs $200 to $500 per seat fully loaded. For a 50,000-seat enterprise that is a $10M+ project that delivers no new features, only risk reduction.

Key data points

  • Windows 2000 launch (with AD): February 2000
  • Fortune 500 AD usage estimated: 85 to 95%
  • Microsoft Entra ID rebrand from Azure AD: 2023
  • Average AD migration cost: $200 to $500 per seat
  • Notable holdouts: government, defense, regulated finance

Contrarian angle

Microsoft's most profitable product in the next decade may be helping enterprises migrate away from Microsoft's most successful product of the last decade.

FAQ

Is Entra ID just AD in the cloud?

No. Entra ID is a different identity model entirely (OAuth, OIDC, SCIM) running in Microsoft's cloud. It can sync with on-prem AD via Entra Connect, but the architecture and protocol surface are different.

Why can't enterprises just retire AD?

Legacy applications. Most large enterprises have hundreds of internal apps that authenticate to AD via LDAP or Kerberos. Migrating those is the actual project; the directory swap is the easy part.

What's the security risk of running AD in 2026?

AD's privilege model (domain admin = god) is incompatible with modern least-privilege architectures. Every major ransomware playbook includes 'compromise the domain controller.' The risk is structural, not patchable.
