IAM Myth Busting: Active Directory - Toy or Titan?

An old myth accepted as fact: Active Directory is something between a huge burden and a neat toy, but it isn't up to the job of meeting my big directory and identity needs.

It’s hard to count the number of times I've sat in meetings with very smart folks in the IT world who are off on soliloquies about how AD is not enterprise scale, or not secure, or somehow deficient as a platform. On the outside I keep it professional, of course. On the inside I'm quoting Will Smith’s Bagger Vance, “That's the dumbest thing I heard any fool say. Ever.” Now, that’s likely an exaggeration. I have a liberal arts degree. I've heard people say quite a few dumb things. But it’s amazing to me that, after over a decade of powering the logins, file access, and every other front office function for organizations from the largest to the smallest on earth, so many folks still don't recognize that AD is one of the most successful and powerful IT systems ever built and deployed.

Now, don't get me wrong. It’s far from perfect. And of course it’s had some major issues over its lifetime. But any system that gets used and abused this much is going to run into problems. My team has also made an industry out of creating solutions to both strengthen and extend the reach of AD. So its imperfection has been a good thing for us. The point is not to make AD out to be some panacea. Instead, the point is to be sure that you get the most out of your money. Whether you love it or hate it, you'll need to deal with AD. Any fault in it will be immediately noticed as it affects the end users. So you're going to need to make it bulletproof and scalable. If you're going to have a bulletproof, scalable directory system, why not leverage it for more than just one thing? There’s a bit of a trick in that logic. Many people think AD is only doing one thing today – supporting desktop logins. In reality it’s powering a huge array of functions, even if you only use it for the bare minimum. But you can get it to do more. And you should. You're going to pay the price to make it up to the task either way.

Anonymous