Tuesday, July 03, 2012

There’s a lot of 10 year Active Directory anniversaries happening

I spend a lot of time talking to customers. I wish I could spend more because you really do get a view into their world, their problems and their priorities. My uber-goal is to try to amalgamate those customer visits and see trends that provide me insight into the overall market.

One trend that I have started to see is the number of customers that have been telling me that their Active Directory design and architecture is more than 10 years old and they’ve decided it’s time for an overhaul.

Do you remember what we were all first told by Microsoft about Active Directory security architecture? Here it is: “A domain is the security boundary in AD.” Then we were told: “Oops, a domain isn’t the security boundary in AD. A forest is the security boundary.” (The reason: every domain in a forest shares one schema and one configuration partition and trusts the other domains without SID filtering, so an administrator of any one domain can escalate to control of the whole forest.) So what ended up happening is that a lot of companies – especially banks and multi-nationals – architected and deployed their Active Directory with multiple forests, one for each unit that needed real isolation. Now the “oops” has come back to haunt them.

Many companies have found that managing multiple forests is a pain in the butt. What’s worse is that with the advent of the cloud and things like federation and Office 365 there are scenarios where having multiple forests really, really complicates things. So many customers are working at reducing the number of forests in their environment and also reducing the number of domains while they are at it. In fact, I met one multi-forest, multi-national bank that simply decided to start over from scratch: They set up a brand new single forest and are migrating over to it. (Aside: that same customer already had 5, yes 5, IAM platforms in use. Amazing!)
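As an added example (not from the original post), here is a PowerShell function that puts the “forest is the boundary” rule to work when you are taking stock of a multi-forest estate before consolidating: it classifies each trust as intra-forest, forest or external and reports whether it actually separates anything. The property names mirror what Get-ADTrust returns so live data can be piped in; the trust objects and domain names below are constructed sample data, and Get-TrustBoundaryReport is a name chosen here, not a cmdlet.

```powershell
# Added example, not the post's or Quest's code. Classifies AD trusts by whether
# they form a security boundary. Property names (IntraForest, ForestTransitive,
# SIDFilteringQuarantined, SIDFilteringForestAware, Direction, Name) match the
# objects Get-ADTrust emits; the sample objects at the bottom are constructed.

function Get-TrustBoundaryReport {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)] $Trust
    )
    process {
        if ($Trust.IntraForest)           { $kind = 'Intra-forest' }
        elseif ($Trust.ForestTransitive)  { $kind = 'Forest' }
        else                              { $kind = 'External' }

        switch ($kind) {
            'Intra-forest' {
                # Domains in one forest share the schema and configuration
                # partition and trust each other without SID filtering, so a
                # domain admin in one domain can reach every other domain.
                $boundary = $false
                $note = 'Same forest: not a security boundary'
            }
            'External' {
                # External trusts are SID-filtered ("quarantined") by default;
                # "netdom trust ... /quarantine:No" switches that off.
                $boundary = [bool]$Trust.SIDFilteringQuarantined
                if ($boundary) { $note = 'SID filtering on' }
                else           { $note = 'SID filtering DISABLED (quarantine off)' }
            }
            'Forest' {
                # Forest trusts filter SIDs from outside the trusted forest by
                # default; confirm SID history has not been enabled with
                # "netdom trust ... /EnableSIDHistory" before relying on it.
                $boundary = $true
                $note = "Forest boundary; SIDFilteringForestAware=$($Trust.SIDFilteringForestAware), verify SID history setting"
            }
        }

        [pscustomobject]@{
            Trust            = $Trust.Name
            Direction        = $Trust.Direction
            Kind             = $kind
            SecurityBoundary = $boundary
            Note             = $note
        }
    }
}

# Constructed sample data: what a multi-forest bank's trust list might look like.
$sampleTrusts = @(
    [pscustomobject]@{ Name = 'emea.corp.example';  Direction = 'BiDirectional'; IntraForest = $true;  ForestTransitive = $true;  SIDFilteringQuarantined = $false; SIDFilteringForestAware = $false }
    [pscustomobject]@{ Name = 'legacybank.example'; Direction = 'BiDirectional'; IntraForest = $false; ForestTransitive = $true;  SIDFilteringQuarantined = $false; SIDFilteringForestAware = $false }
    [pscustomobject]@{ Name = 'partner.example';    Direction = 'Outbound';      IntraForest = $false; ForestTransitive = $false; SIDFilteringQuarantined = $false; SIDFilteringForestAware = $false }
)

$sampleTrusts | Get-TrustBoundaryReport | Format-Table -AutoSize

# Against a live forest (needs the ActiveDirectory module, run from each forest
# you plan to collapse):
# Get-ADTrust -Filter * | Get-TrustBoundaryReport | Format-Table -AutoSize
```

On the sample data the intra-forest trust is reported as no boundary at all and the external trust is flagged because quarantine is off; only the forest trust counts as a real boundary. Running this from every forest before a consolidation tells you which of them were ever separating anything and which were just management overhead.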

Is it time for your 100,000 mile/10 year engine overhaul? If so, we have a great tool to help you called Quest Migration Manager for Active Directory. It has 10 years of experience helping customers through these exact scenarios.
