Don't let Microsoft's Active Directory become a
battleground, warns Ratmir Timashev.
Recent figures from Giga Information Group suggest that
only 25% of UK corporates have completed or are in the process of
completing a migration to Microsoft's Active Directory
.
Aside from the technical complexities faced by the implementation
of the technology, businesses now face a very different threat -
one that is being caused by corporate politics.
In Active Directory's case, the promised land is one where
administrative authority can be exercised over all computers and
users in a company. However, this is where the trouble starts.
Heated political debates over who owns the network are getting
worse, and businesses need to take steps to head off trouble.
Political infighting can occur between business unit administrators
who want to be chosen to manage Active Directory, or between
administrators in separate divisions who may be competing for
funding and do not want others to be able to access and make
changes to their directory information. This fear of losing
autonomy is a major problem that needs to be dealt with.
A by-product of decentralised control is that rogue grass-roots
Active Directory domains can start to crop up. This can result in
one business division competing against another and creating
personal domains with specialised rights so that others in the
company cannot see the same data. One of these splinter factions
could end up having a negative impact on the productivity of the
entire company.
This can be avoided by making Active Directory a real business
issue, creating the right environment to force the agenda and avoid
any arguments.
IT needs to become part of the business, but people have paid lip
service to this rationale for far too long. With the issues
surrounding Active Directory, the risk of not taking action is
likely to have severe repercussions. The chief technical officer,
the chief financial officer and the chief executive need to assume
responsibility for the political debate surrounding Active
Directory.
The next step is to set up an Active Directory delegation
structure. The security of Active Directory is sacrosanct and
properly planned delegation can help to avoid any political
infighting.
One network administrator or a group of high-level network
architects must be appointed to be responsible for managing Active
Directory and its associated rights and permissions, both across
the business and in its individual units.
With competing administrators all vying for their piece of the pie,
the decision to introduce a network administrator into the fold is
a potentially thorny issue. Companies must thoroughly explain that
this decision is being taken in the interests of the business in
order to avoid any recoil from a disenfranchised administrator
community.
The enterprise administrator should sit between the executives and
the divisional administrators and will be responsible for
delegating the rights to directory information across the
organisation. This simple step will ensure that any fears over
losing autonomy are allayed. The network administrator should be
the only one able to view all the data, while the other
administrators continue to have access only to the data in their
particular areas.
With huge pride being taken by administrators in their Active
Directory work, it is hardly surprising that they resist
consolidation. Proper and effectively communicated backing from the
board can diffuse political differences and ensure a consistent
approach, setting up Active Directory in a way that best benefits
the entire organisation.
What do you think?
Have you fought any battles over Active Directory?
Tell us in an e-mail
>> ComputerWeekly.com reserves
the right to edit and publish answers on the website. Please state
if your answer is not for publication.
Ratmir Timashev is the chief executive of
Aelita
Software
