A Quick Overview of Active Directory (AD) and Azure Active Directory (AAD)

22 Apr 2024

What is AD and AAD?

Active Directory (AD):

Active Directory is a Microsoft technology used to manage computers and other devices on a network. It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers. AD allows network administrators to create and manage domains, users, and objects within a network, providing a way to organize a large number of users into logical groups and subgroups while providing access control at each level.

Azure Active Directory (AAD):

Azure Active Directory, now known as Microsoft Entra ID, is a cloud-based identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multi-cloud environments.

Differences Between the Two

While AD and AAD share some basic identity management capabilities, they serve very different purposes. AD is meant for internal networks, managing traditional on-premises infrastructure and applications. In contrast, AAD is designed to support web-based services that use RESTful interfaces, such as Office 365 and Google Apps, and it uses different protocols to work with these services (for example, SAML and OAuth 2.0).

Typical Use Cases in Companies

AD is typically used for:

  • Organizing users and computers within an on-premises network.
  • Authenticating and authorizing access to network resources.
  • Managing policies and permissions through Group Policy.

AAD is commonly used for:

  • Managing user identities and access to cloud applications.
  • Implementing single sign-on (SSO) across multiple services.
  • Enhancing security with multi-factor authentication (MFA) and conditional access policies.

Accessing AD and AAD with Python

Both AD and AAD can be accessed using Python.

For AAD, Microsoft provides the Microsoft Authentication Library (MSAL) for Python, which allows you to sign in users or apps with Microsoft identities and obtain tokens to call Microsoft APIs such as Microsoft Graph or your own APIs registered with the Microsoft identity platform.

For AD, while there isn't a direct SDK, you can interact with it using various Python libraries that speak LDAP, the protocol AD uses for directory services.
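Because AD is queried with LDAP search filters, any user-supplied text placed in a filter has to be escaped first, or it can change what the filter matches. The following is an added example, not code from the original post: it builds an AD user-lookup filter with RFC 4515 escaping using only the standard library. The helper names and the sample logins are assumptions made for illustration.

```python
import re

# RFC 4515: these characters must appear as \XX hex escapes inside a filter
# value, otherwise they alter the structure of the filter itself.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_ATTRIBUTE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape untrusted text for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def equals(attribute: str, value: str) -> str:
    """Build one (attribute=value) clause; attribute names are fixed by the caller."""
    if not _ATTRIBUTE.fullmatch(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"


def user_lookup_filter(login: str) -> str:
    """Filter that matches a single AD user object by sAMAccountName."""
    if not login:
        raise ValueError("login must not be empty")
    clauses = [
        equals("objectCategory", "person"),
        equals("objectClass", "user"),
        equals("sAMAccountName", login),
    ]
    return "(&" + "".join(clauses) + ")"


def clause_count(ldap_filter: str) -> int:
    """Count clauses; escaped values contain no raw '(' so the count is exact."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed inputs: a normal login, a wildcard, and text with filter syntax.
    for login in ["jdoe", "*", "jdoe)(mail=*"]:
        built = user_lookup_filter(login)
        print(f"{login!r:16} -> {built}  clauses={clause_count(built)}")
```

The LDAP libraries ship the same escaping: ldap3 as ldap3.utils.conv.escape_filter_chars and python-ldap as ldap.filter.escape_filter_chars. Prefer those when the library is already a dependency.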

Thank you for taking the time to explore data-related insights with me. I appreciate your engagement. If you find this information helpful, I invite you to follow me or connect with me on LinkedIn or X (@Luca_DataTeam). Happy exploring! 👋