The IT manager and I are having a cup of coffee early one day.
“Do you ever go into your kids’ bedroom in the morning to get them ready for school?” he asks me. “It’s a mess in there — clothes all over the floor, drawers hanging open, papers everywhere, closets ransacked. I don’t see how they can function in that.”
I nod and chuckle.
“Then I’m eating breakfast, looking out the window at the backyard — toys all over the place, some dog sleeping on the trampoline, bikes upside down with wheels missing. How can they make such a mess?”
It’s quite a mess, all right.
“That’s why it’s such a relief for me to come here to the office,” he says. “There’s no mess. Everything’s under control and in order here.”
I take a sip of coffee, then ask, “Have you looked in your Active Directory lately?”
Performing an Active Directory Cleanup
If you look inside your Active Directory, you may find quite a mess. Maybe not clothes all over the floor and a dog on the trampoline, but certainly plenty of disarray.
In the world of on-premises computing, the mess is mostly hidden. Active Directory is the main source of authorization for most companies running Windows. It chugs along year after year, enabling Exchange, SharePoint and other enterprise apps, and shouldering more demands and requirements:
- more email
- resource forests
- more domains as a result of M&As
- security risks
- new compliance requirements
These factors can all add to the mess.
As you look to cloud resources like Office 365 and Microsoft Azure for economies of scale and speed of application deployment, you find that getting away from the mess isn’t easy. Success depends on linking your on-premises Active Directory to a directory in the public cloud like Microsoft Azure AD. To ensure that the directories synchronize smoothly, it’s necessary to deal with the mess by organizing, managing and cleaning up your Active Directory.
It’s easier to clean up Active Directory — removing outdated and unwanted Active Directory objects — before synchronizing than to diagnose and correct a failed synchronization. In fact, Microsoft recommends not only cleaning up your Active Directory prior to linking it to Office 365 or Microsoft Azure, but also consolidating Active Directory into a single-forest, single-domain structure prior to linking to the Microsoft public cloud.
Synchronization goes much more smoothly after an Active Directory cleanup, and the resulting Azure Active Directory more closely reflects the reality of your organization.
Active Directory Modernization – White Paper
The rush to cloud-based applications is on, leading more companies to examine Office 365-Active Directory integration. Standing up Azure Active Directory is a big step on the path to the cloud, so we’ve put together a white paper, Modernizing Active Directory for Azure and Office 365, that gives you an overview of cleaning up and modernizing AD in your organization.
Read the paper and acquaint yourself with the main characteristics of a cleaned up Active Directory: normalized structure, consolidated Organizational Units (OUs), good security delegation and solid provisioning.