Microsoft Dependency Has Risks

(blog.miloslavhomer.cz)

151 points ArcHound | 3 comments | 25 Jun 25 20:08 UTC | HN request time: 0s | source

Show context

firesteelrain ◴[25 Jun 25 21:16 UTC] No.44381913[source]▶

>>44381358 (OP) #

For most businesses, the cost and difficulty of shifting away from Microsoft outweigh the benefits

replies(4): >>44381959 #>>44381985 #>>44382500 #>>44384846 #

smaudet ◴[25 Jun 25 21:27 UTC] No.44381985[source]▶

>>44381913 #

Maybe.

Some things go deep, true. However most businesses don't use most of Microsoft products - even the ones that do, the usage of the more complicated products is far more minuscule than imagined by e.g. CFOs, etc.

The real thing keeping many "in the fold" as it were would be authentication services.

Which are overcomplicated and probably easier to manage without...

replies(2): >>44381991 #>>44382259 #

firesteelrain ◴[25 Jun 25 21:29 UTC] No.44381991[source]▶

>>44381985 #

Right, it’s stuff like Active Directory and how everything’s tied together. Once you’re using that for auth, it’s really tough to back out without a lot of effort.

We’ve looked into FreeIPA and similar options, but honestly, nothing really holds a candle to Active Directory yet.

replies(2): >>44382060 #>>44382529 #

AnonymousPlanet ◴[25 Jun 25 21:40 UTC] No.44382060[source]▶

>>44381991 #

AD and Domain Servers are like a cancer that will grow metastases around your org, costing user and client cals all over the place, even for every desk phone if you're not careful. The only winning move is never to play their game in the first place.

replies(2): >>44382090 #>>44382279 #

mnadkvlb ◴[25 Jun 25 22:13 UTC] No.44382279{3}[source]▶

>>44382060 #

genuinely interested, what are the alternatives ? i know ping/forgerock and some old ibm stuff.

what is state of the art today that compares to ActiveDirectory (not talking azureAd - or whatever they call it these days) ?

replies(1): >>44382613 #

1. firesteelrain ◴[25 Jun 25 23:03 UTC] No.44382613{4}[source]▶

>>44382279 #

Samba4 is the closest you can get. It is not as nice as ActiveDirectory.

replies(1): >>44387319 #

2. smaudet ◴[26 Jun 25 13:41 UTC] No.44387319[source]▶

>>44382613 (TP) #

> Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as an Active Directory Domain Controller or as a member server.

What's something that AD provides that this does not?

It certainly sounds like an (almost) drop-in replacement.

replies(1): >>44387808 #

3. firesteelrain ◴[26 Jun 25 14:30 UTC] No.44387808[source]▶

>>44387319 #

Samba4 covers core AD features like Kerberos, LDAP, and can act as a DC, but it’s not a full drop-in. GPO support is limited, management tools aren’t as robust (no full RSAT equivalent), and some advanced AD features (like DAC or ADCS) aren’t supported. Fine for smaller setups, but not 1:1 with enterprise AD.

↑