News Stay informed about the latest enterprise technology news and product updates.

What is Next Generation Active Directory?

While the folks from Microsoft talked about a lot of different technologies at last month’s Professional Developers Conference, one of the most interesting ones is what the company is referring to as Next Generation Active Directory (NGAD).

Naturally, any new Active Directory developments are sure to cause admin ears to perk up. So what exactly is this next-generation AD and what does it mean?

It’s in the very early stages of development, so we don’t know a lot. In fact, NGAD is not even an official name, and we are nowhere near any sort of official release. What we do know, however, is that NGAD is not going to be a completely new version of Active Directory, despite what Microsoft’s internal name for it might suggest. In some ways, it could even be interpreted as another example of the company’s commitment to the cloud.

I spoke with Directory Services MVP Laura E. Hunter, and she described NGAD as a way for Microsoft to provide a “SQL-like frontend” where admins can make authorization decisions. The examples she gave were functions such as “age over 21” or “can approve expense reports = TRUE,” similar to what AD Federation Services 2.0 does now, only taking things one step further.

So where does the cloud fit in? Well it’s really all about the way administrators deal with directories and applications, and creating a common interface no matter if those directories or apps are on premise or in the cloud. As Computerworld’s John Fontana puts it, “users will not have to alter their existing directories but will have [the] option to replicate data to NGAD instances.”

NGAD is to be based on the claims-based identity model, which Microsoft describes as when an “application makes identity-related decisions based on claims supplied by the user. This could be anything from simple application personalization with the user’s first name, to authorizing the user to access higher valued features and resources in your application.” In other words, the claims-based model is a simplified way of governing access control.

Again, it’s very early, so no timeframe for NGAD has been given. It’s possible that whenever it is released, it will be a standalone product that also comes with Windows out-of-the-box, similar to Hyper-V.

For more Active Directory news and info, visit