Archive for August 27th, 2010

Administering AD like Houdini

Podcast August 27th, 2010

So, really I am not Houdini. Over the last several weeks I have been dealing with having almost all the little power I had to AD be taken away.

Right now, I can view objects and, add users to groups.

I used to be able to manage user passwords, login scripts, home directories, and basic description fields. But only in a division specific container. All this was manageable but left me unable to take advantage of large portions of AD.

So why did I , really my peers and I get our  limited privileges taken way.  Apparently we failed an audit. Someone was turning on disabled accounts without documenting this action. Not sure if this means intentionally disabled accounts by corporate? or accounts that I disabled and then re-enabled? Accounts that were locked out from failed password attempts?

Maybe you can see the issue already? “communication” It is hard to follow rules that are not clearly defined.

Also, they want us to log reasons for these actions. No one has ever trained me how to record reasons for these actions.

Over the years I have trained myself how to discover these types of things. I also, assume many things. Like if there is a method available to the end user to call a service center to re-enable disabled accounts. I have them use this method, kinda. There are times and places when a 9-5 Monday – Friday service center does not work for an event based business that has a large percentage of events on the weekend. Sometimes I am certain I have bent the rules as I felt was necessary.

I will quit with my rant.

I will find a way to exist within these new walls and try to minimize the impact it has on my responsiveness to the field . [=]

Why you might ask?

Because, there are a lot of advantages we have gained from a centrally managed authentication structure that is tided in with the employee payroll system. A good deal of automation has occurred that helps in regards to removing employees who are no longer with the company. It is also nice to have a centrally managed environment as I have employees that work at multiple sites.