Keep AD where it is.
Don’t move it.
Don’t rebuild it.
Don’t wrap it in something else just to make access work.
Fix how users reach it.
That means:
- no extending the network
- no stacking VPN on top of exceptions
- no exposing domain services
Handle access as its own layer.
That’s what we’ve been doing with TrueStack.
- deploy a TrueStack server
- route user traffic securely
- keep AD internal
- eliminate traditional VPN dependency
Users connect and hit AD like they’re inside the network—without actually extending it.
At scale, this is where the approach separates itself.
Once you cross ~300 users/devices:
- Azure AD + Intune becomes a per-user cost model
- every user adds cost
- every device adds management overhead
With TrueStack:
- ~$768/month
- unlimited connections
- no per-user scaling
- supports multiple AD environments if needed
You’re solving access without turning it into a licensing problem.
If identity isn’t broken, don’t move it.
Keep AD where it is.
