Identity Management
The Essentials Series: Tackling Active Directory's Four Biggest Challenges

by Greg Shields


Active Directory is pervasive in virtually every Windows environment. It’s the platform upon which all your users, computers, applications, and data reside. As such, managing it correctly is key to ensuring the health of your entire IT infrastructure. Yet for many, Active Directory is a big, black box. You know how to interact with its common tools like Active Directory Users and Computers. But do you know the best practices for more complex tasks? These critically important tasks like merging and restructuring domains, recovering deleted objects, automatically provisioning new users, and enabling useful auditing aren’t obvious to accomplish, and can be painful to use with Microsoft’s native tools. The Essentials Series: Tackling Active Directory's Four Biggest Challenges will discuss exactly how to accomplish those four tasks with an added conversation about the additional tools you may want to consider in easing the administrative burden of these activities.


Article 1: Merging and Restructuring Domains without User Impact

The workings of business are dynamic and ever-changing. Companies merge and split, acquire and restructure. The legal challenges in reconfiguring your business are hard, but even those complexities don’t hold a candle to the challenges in restructuring your Active Directory. This first article will discuss the steps you’ll need to complete a domain merge or restructure, as well as some of the critical pieces that are lacking in Microsoft’s native solution, the Active Directory Migration Toolkit.

Article 2: Quickly Recovering Deleted Active Directory Objects

Do you know the difference between an authoritative and non-authoritative restore? Do you know exactly what to do should someone accidentally delete an object or an entire group of them? This article will show you exactly how to perform a restore. It’ll also talk about some of the missing bits that make using native tools to accomplish this more difficult than it needs to be.

Article 3: Automatically Provisioning New Users

Need to provision a new user, but want to automate it from the command line? Microsoft brings PowerShell to the rescue! This article will provide some sample scripts for things like creating a new AD user account, creating an Exchange mailbox, and adding a user to SharePoint. Doing this at the command line is easy, yet creating an enterprise-worthy solution is not. You’ll also learn in this article why smart businesses look to alternate approaches for provisioning new users, and how it saves you time and effort.

Article 4: Enabling Useful Active Directory Auditing

Windows Server 2008 adds new and much-needed logging capabilities to Active Directory. The original nine auditing categories are now broken down into 50 subcategories. Learn how to enable this granular auditing on your Domain Controllers. Learn also how the use of external log gathering and reporting infrastructures can further increase your security and help you pass those audits.