
Best practices for Active Directory staff development

IT managers who want to make the most out of their investment in modern server OSes like Windows Server 2003 shouldn't neglect staff training on Active Directory.

IT managers who want to make the most out of their investment in modern server operating systems -- specifically Windows 2000 and Windows Server 2003 -- could do far worse than provide staff training on Active Directory (AD).

That investment will yield high dividends in improved security and increased productivity by taking advantage of these features:

  • Single sign-on, which allows Windows users who prove their identities to AD servers to automatically use corresponding security profiles on mainframes, database servers and other restricted access applications.
  • Automatic provisioning, which lets administrators set up a user account, assign it membership in certain user groups and establish a location for a user desktop machine. This automatically leads to allocation of telephone and fax numbers, delivery of a desktop and access to job-related software tools and applications.
  • Restricted access to specific applications and datasets based on group membership(s).
  • Integration of biometric devices or multiple password challenges, which enables support for multi-factor authentication for organizations with stringent security requirements.
  • Fewer productivity losses and deployment delays in all of the above that stem from poor Active Directory planning, design and management.

Fortunately -- or unfortunately -- there are many staff development venues available for IT managers looking to bolster their department's AD skills and knowledge. To narrow down the choice, managers should ask themselves two questions: "What will work best for my organization?" And "What price can my company afford?"

MCSE track

For organizations with experienced Windows administrators already holding the MCSE (Microsoft Certified Systems Engineer) credential for Windows NT or Windows 2000, there are a number of boot camps offered by companies that do an excellent job of developing basic Active Directory skills and knowledge in the MCSE curriculum for Windows Server 2003. The coursework for this certification emphasizes learning how to create workable, sustainable AD environments. It covers both design and infrastructure/operations on AD, plus essential topics such as directory planning, design, implementation and troubleshooting. The track also highlights what's new, different and useful in the latest version of AD in Windows Server 2003 -- a topic of frequent concern to those migrating from Windows 2000.

One caveat: Although some companies do a good job of prepping people for the whole MCSE enchilada, their programs may be overly broad and not sufficiently focused for Windows IT professionals seeking an infusion of AD-specific knowledge. Such companies include Intense School, Global Knowledge, Vibrant Boot Camp and Tech Now. If you're looking for a targeted program within the MCP curriculum, make sure you direct your staff to AD-specific exams such as Exam 70-294, "Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure," or Exam 70-297, "Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure."

Tips for low-budget, high-motivation operations

Companies with highly motivated staff but shallow pockets can get by with a combination of online courses, computer-based training (CBT) and books on Active Directory. But if you're in that category, consider investing in a non-production test lab where enthusiastic staff can practice skills without actually impacting production systems or networks. You'll want a minimum of two systems (preferably three or four), plus server licenses, virtual machine software to simulate large, complex environments, and adequate lab and learning time to allow people to get comfortable with AD. Figure on six months to a year before such a program can show results. The cost should run no more than $800 per person, not including staff time.

For the actual training, Microsoft's free E-Learning clinics are a good place to start. Currently, Microsoft offers three courses that deal substantially or completely with Active Directory. In the commercial realm, there are also options from companies like The Learning Center, World Wide Learn, Netdesk Corp. and Train Signal Inc. that range in price from $200 to $500.

Your favorite online bookstore is also a good source of low-budget training information. Search on "Active Directory" to get a sense of the large number of titles available on this subject. Of the more than 100 offerings you will find, titles from O'Reilly & Associates, Addison-Wesley Professional and Microsoft Press get particularly high marks in expert and reader reviews.

Training with the masters

When it comes to expert access and the real inside story, there's no substitute for training with the Active Directory "masters." This will generally be your most expensive alternative, but it is also the most focused and germane.

A handful of companies -- including BindView Corp., NetPro Computing Inc. (well recognized for its "Directory Experts Conferences"), Quest Software Inc. and Moskowitz Inc. -- specialize primarily in Active Directory training, consulting, implementation and related services.

The bottom line: Your budget, timeframe and staff's experience will dictate which path (or combination of paths) works best for your organization. But if you choose wisely, the accrued benefits should be well worth the investment of your company's training dollars.

Ed Tittel is a full-time freelance writer, trainer and consultant who specializes in matters related to certification and training, information security, markup languages and networking technologies. He's a regular contributor to numerous TechTarget Web sites, technology editor for Certification Magazine and writes an e-mail newsletter for CramSession called "Must Know News."
