How does your organization handle Active Directory management? Did you know that not every company deals with Active Directory management in the same way or with the same Active Directory tools, and that the differences have as much to do with culture as they do with technology?
Let’s say that a newbie admin accidentally deletes an organizational unit (OU) or changes a Group Policy object (GPO). Suddenly, 26 people in Tech Publications can’t access a shared folder or send jobs to the fast duplex printer. Unhappiness ensues, big time.
If you worked for Company A, which believes in distributed AD administration, you might be responsible for either DNS infrastructure, delegated administration, user accounts, group membership or AD health monitoring, to name a few areas of Active Directory management. You might not find out until your next team meeting that those 26 people in Tech Pubs suddenly couldn’t get their work done one day last week.
Or, if you worked for Company B, which has integrated AD administration, you could be one of a small handful of generalists, and all of you would be responsible for AD management. You might be sitting in the bullpen when your smartphone and three others right around you start chirping the red alert from the help desk. You’d find out in a hurry about those 26 people not being able to get their work done.
Naturally, whether your organization takes the distributed or integrated approach, somebody has to fix the broken GPO or rebuild the OU, right? Actually, first somebody has to:
The only easy part is tracking down that newbie admin who caused the problem and making him buy lunch for the whole IT team.
From what I hear from admins in both distributed and integrated organizations, the problem isn’t that they don’t have tools. The problem is that it takes too many tools to birddog, diagnose and fix things that go wrong with AD. Not to mention just keeping Active Directory secure and healthy on an everyday basis.
Think about some of the common issues that arise with Active Directory, and the native tools Windows provides (Microsoft Management Console, or MMC, in most cases) for dealing with them:
Active Directory doesn’t care whether your AD administration is distributed, integrated or polka-dotted. All it knows is that the tools it comes with aren’t adequate to keep it young, clean and healthy forever. They don’t allow you to control delegation, backup or restore individual objects (without taking AD offline), send alerts about critical changes or monitor Active Directory for health and performance.
Still, things are not completely bleak. We’ve put together an animated video that describes how you can simplify Active Directory management with Active Administrator from Dell:
We’ve also created a white paper called “Complete Active Directory Management from a Single Pane of Glass” with more details on the distributed and integrated approaches to Active Directory management and a wish list for daily AD management.