Guardians of the Directory

Hybrid Identity is Broken: Rethinking AD, Entra ID & the Bridge in Between


Welcome to another episode of Guardians of the Directory, where we pull back the curtain on the real-world challenges in securing and managing Active Directory and hybrid identity environments. In this episode, Craig Birch is joined by Sander Berkouwer, identity veteran, Microsoft MVP, and author of the Active Directory Administration Cookbook, to have a brutally honest conversation about hybrid identity – and why it's more than just "messy"... it's broken.

💡 Key Takeaways:

  • Why Hybrid AD isn't just two directories, and how the real architecture adds a third (and sometimes fourth) layer of identity confusion.

  • What’s really going wrong with Entra Connect Sync, delegated permissions, PowerShell lifecycle issues, and administrative sprawl.

  • ADFS: still lingering, or finally on its way out? Why some orgs are stuck with legacy federation even today.

  • The harsh truth about identity governance: the promise of Entra ID Governance, and the licensing challenges that come with it.

  • What’s actually working for organizations today — and why baby-stepping IAM might be your smartest move yet.

  • The real impact of role sprawl, just-in-time access challenges, and why elevated rights still haunt hybrid AD deployments.

  • Fix or Fail: Craig and Sander rapid-fire common hybrid identity practices and decide what stays and what needs to go.

  • The one thing Sander would fix today if he could: a surprising insight into replication and its ripple effect on the hybrid identity stack.

🔧 Whether you're wrestling with federation headaches, struggling to consolidate IAM platforms, or just trying to get a handle on delegation and privilege creep, this episode lays out the problems — and a few practical ways forward.

Guardians of the Directory, by Guardian of the Directory