I have had the opportunity to speak with Sean Deuby and really appreciate his insights into Active Directory and understanding of the challenges that face most IT Pros. So, I watched this interview, titled Active Directory in the Enterprise, with him by Paul Thurrott with great interest.
At about 2:20 into the interview, he states a statistic that was very illuminating — that about 80% of all IT pros are IT generalists. And that makes sense, at most mid-sized and smaller companies, IT pros have to wear an incredible number of hats. Even at larger companies, with the level of cutbacks in recent years, each IT pro is asked to more and more with less. IT pros can rarely concentrate on a small specialized subset of tasks without, at the very least, understanding how the entire infrastructure fits together. With more complicated an advanced systems, IT pros are probably only going to have to get more generalized.
What does this have to do with Active Directory? It has to do with some of the arcane rules with AD and Exchange that need to be followed as processes are created around AD. Things like what kind of AD group can be nested into another. How does one version of Exchange deal with creating objects in AD vs. the previous. How does cross forest authentication work if you want a corporate employee to manage a partner user object in another forest. If you are a IT generalist, how do you keep track of this stuff?
The recent survey by Osterman Research made it clear that our biggest competitor for Active Directory group management is IT departments performing manual processes. Over 90% of all organizations perform some manual processes to manage AD groups while just under 60% perform manual processes exclusively. This is troubling because the same survey found the cost to do this is prohibitive and these manual processes still aren’t doing that great of a job on a very security and productivity impacting task.
In my mind, the solution is purpose built software for automation and delegation. Let the vendor worry about AD’s vagaries and hold them accountable for understanding it. At Imanami, we have a philosophy to be “light on the enterprise” meaning we don’t require a huge infrastructure footprint or deep understanding of AD’s intricacies on the part of our admins. In fact, once set up, we don’t require much in the way of day to day adminning (if that’s not a word, it should be).
I read a great rant the other day about holding your vendors accountable and believe this should be done. It’s our job to make sure that a generalist can get the same results as a specialist in less time with less manual work.
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.