Don't let Microsoft's Active Directory become a battleground, warns Ratmir Timashev.
Recent figures from Giga Information Group suggest that only 25% of UK corporates have completed or are in the process of completing a migration to Microsoft's Active Directory .
Aside from the technical complexities faced by the implementation of the technology, businesses now face a very different threat - one that is being caused by corporate politics.
In Active Directory's case, the promised land is one where administrative authority can be exercised over all computers and users in a company. However, this is where the trouble starts. Heated political debates over who owns the network are getting worse, and businesses need to take steps to head off trouble.
Political infighting can occur between business unit administrators who want to be chosen to manage Active Directory, or between administrators in separate divisions who may be competing for funding and do not want others to be able to access and make changes to their directory information. This fear of losing autonomy is a major problem that needs to be dealt with.
A by-product of decentralised control is that rogue grass-roots Active Directory domains can start to crop up. This can result in one business division competing against another and creating personal domains with specialised rights so that others in the company cannot see the same data. One of these splinter factions could end up having a negative impact on the productivity of the entire company.
This can be avoided by making Active Directory a real business issue, creating the right environment to force the agenda and avoid any arguments.
IT needs to become part of the business, but people have paid lip service to this rationale for far too long. With the issues surrounding Active Directory, the risk of not taking action is likely to have severe repercussions. The chief technical officer, the chief financial officer and the chief executive need to assume responsibility for the political debate surrounding Active Directory.
The next step is to set up an Active Directory delegation structure. The security of Active Directory is sacrosanct and properly planned delegation can help to avoid any political infighting.
One network administrator or a group of high-level network architects must be appointed to be responsible for managing Active Directory and its associated rights and permissions, both across the business and in its individual units.
With competing administrators all vying for their piece of the pie, the decision to introduce a network administrator into the fold is a potentially thorny issue. Companies must thoroughly explain that this decision is being taken in the interests of the business in order to avoid any recoil from a disenfranchised administrator community.
The enterprise administrator should sit between the executives and the divisional administrators and will be responsible for delegating the rights to directory information across the organisation. This simple step will ensure that any fears over losing autonomy are allayed. The network administrator should be the only one able to view all the data, while the other administrators continue to have access only to the data in their particular areas.
With huge pride being taken by administrators in their Active Directory work, it is hardly surprising that they resist consolidation. Proper and effectively communicated backing from the board can diffuse political differences and ensure a consistent approach, setting up Active Directory in a way that best benefits the entire organisation.
What do you think?
Have you fought any battles over Active Directory? Tell us in an e-mail >> ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Ratmir Timashev is the chief executive of Aelita Software
This was first published in May 2003