News Stay informed about the latest enterprise technology news and product updates.

Active Directory deployment dos and don'ts

Implement a poor Active Directory design, and your organization will feel a lot of pain as you change it. An AD deployment expert offers a planning guide that can help you avoid that pain.

Olivier Thierry wagers that few Windows managers have tackled projects as challenging as planning a deployment...

of Microsoft's Active Directory. "Active Directory is not technologically complex, but it forces one to rationalize the organizational definition and in certain organizations this can be extremely political," explained Thierry, vice president of marketing for NetIQ Corp., a San Jose, CA-based e-business infrastructure management and intelligence solutions provider. "Implement a poor Active Directory design, and your organization will feel a lot of pain as you change it."

To help IT professionals avoid painful mistakes in their migration projects, Thierry offers these tips for planning a successful Active Directory deployment.

Do determine why you want to use AD. Figure out what you're going to use it for. For example, if you're going to go migrate Exchange 2000, then you need Active Directory.

Do think about every aspect of the migration. Are you really using it only for Exchange 2000? Is this going to be used as a central hub for information on your employees? Is it only there to serve as the backbone of information for your NT or Windows 2000 network? Know what goal are you trying to achieve.

Don't go into it just because Microsoft said you need to do it. Do it because you see the benefits.

Do take a step-by-step approach. "Your design has to be complete enough for everything that you want to do, but your implementation needs to be done in stages and very selectively," Thierry explains. Think about and plan for the entire directory structure and then deploy incrementally and measure against that template.

Don't give Active Directory to your summer student to figure out. Do put your best, most skilled people on the job. "This is tricky stuff," Olivier says.

Do put people from all parts of your organization on the project team. "You're going to need to have multiple parties have to agree on the definition of the structure of the directory because multiple parties will be using the directory," says Thierry. "It's no longer just the purview of IT." Active Directory is going to be used by the business unit users. "People are surprised by the amount of politics engendered by the definition of the Active Directory structure," he adds. "So your project team needs top-down political buy-in."

Don't expect a large organization to deploy Active Directory quickly. "In large organizations Migration to Active Directory can be a huge project," says Thierry. "It is not a weekend deal. For some organizations, this project can extend well beyond a year. Overall, Active Directory is much more complex in definitional structure than anything that most Windows-based IT people have encountered."


sarchWindowsManageability News & Analysis: Migration dos and don'ts

Dig Deeper on Windows systems and network management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.