Friday, May 18, 2007

My Bottom 10

Over the years I've heard a lot of amazing things. I thought I'd entertain you with my "Bottom 10" list...
  1. Jackson: What software do you use to monitor Active Directory? A: Helpdesk. Jackson: Helpdesk? Who makes that? A: No, I mean our helpdesk calls and tells us there's a problem with AD and we look into it.

  2. Jackson: Why are you synchronizing all the identity information in Active Directory with the XXX directory? A: That's so our end-users can use the corporate white pages application to look up employees' phone numbers, manager, office location, etc. The synchronization doesn't work that well, it takes a long time and tends to fail so we have data integrity problems. Jackson: How about pointing the corporate white pages application at Active Directory and eliminating the synchronization step entirely? A: We've always done it this way; I'm not sure we could do that. Could we?

  3. Jackson: You could use Active Directory to host that extranet application. The software cost to host the 60 million users (really!) would probably be a lot less than $10,000. You might want to consider that in your choice of identity stores. A: Well, we've got a really good discount on XXX's directory and we've used it in the past. Jackson: Do you use Active Directory? A: Yes, we use it for all of our employees - over 100,000 people are in it. Jackson: You're happy with it? A: Oh yes! Jackson: So why don't you talk to Microsoft and use it for the external project? A: Well, you see we have $5M to spend on the project and at $0.05/user for 60 million users we're getting a really good deal from XXX. Jackson: It's practically free from Microsoft. A: But we are really getting a good deal...

  4. Jackson: Have you implemented XXX's identity management product? A: Well, not really. Jackson: Why not? A: We haven't been able to get it to work. Jackson: Do you have a good consultant working with you? A: Oh yes, we have a large team from XXX working with us. Jackson: How long have they been working on it? A: Just over two years now.

  5. Jackson: We have that functionality available now. A: But XXX was in here last week and they said they'd have that functionality in mid-2008. Jackson: We have that functionality available now. A: We're going to wait for XXX. Jackson: If XXX had that functionality today would you buy it from them? A: Yes. Jackson: We have that functionality now. A: Yes, but...

  6. Jackson: How long ago did you migrate from NT to AD? A: It's been at least two years now since we finished our migration. Jackson: Awesome! You must be happy with the savings. A: Well, we've actually not seen any savings. Jackson: Why not? Aren't you using delegated administration, Group Policy etc etc etc? A: We just migrated each NT domain to its own AD forest so we haven't really been able to do any of that. Jackson: That really isn't the way you're supposed to upgrade. A: We know.

  7. Jackson: How long have you been working on integrating your Unix & Linux systems with Active Directory? A: Just over 18 months now. Our solution works great in the lab but when we try to roll it out across the enterprise it just doesn't scale. Jackson: Why do you think you've had that problem? A: The sheer number of versions of Unix and Linux that we have. Jackson: How many? A: At last count, over 30. Jackson: Have you thought about trying to reduce the number of versions of Unix and Linux that you use? Or, have you thought about a commercial solution to your integration problem? A: No, we're using an Open Source solution. Jackson: OK, but it's not working, right? A: Right.

  8. Jackson: What's your biggest priority right now? A: Setting up some external systems for our partners so they can do order access, inventory, shipping and the like. Jackson: So you're thinking of federation? A: You mean like in Star Trek? (I swear this is true!)

  9. Jackson: Have you considered a password reset product? A: We looked at one but we consider it a security risk. Jackson: Why? A: Because someone could guess the answers to the questions that let you reset the password. Jackson: How do you handle resets today? A: The user calls the helpdesk. Jackson: How does the helpdesk verify who they are? A: They ask them their name, department and extension. Jackson: Isn't that information published in Active Directory?

  10. Jackson: Why don't you automate the process with software? A: I don't want any more software running on my servers. Jackson: But the documentation on implementing the process manually runs to over 300 pages and it's wrong. Why don't you purchase some software to automate it? A: I don't want any more software running on my servers.

