A Deeper Dive into Active Directory Optimization – Part 2

Why Bother?

The problem with cleaning up isn’t that we don’t want to do it; we’re just busy. When it’s my basement and my house, the project is contained and has a finite end – when you’re able to finish vacuuming, it’s pretty much done. I can turn that project around pretty quickly, but even then it needs to be scheduled with all of the other stuff that’s going on in the house that minute, that day, that week. When we’re working with clients and helping to sort out their AD issues, it’s much more complicated, but it’s the same problem again. It can feel like there’s no end in sight – but even then, the reasons for cleaning it up are pretty much the same reasons we clean up our basements and our bathrooms and our kitchens.

One of the biggest reasons that we want to clean things up is so we can get some newer, cooler stuff. If my playroom is a disaster, where am I going to put my new toys? Similarly, one of the biggest reasons to clean up AD is so I can roll out new software successfully – if AD is a mess, it makes the cost of deploying new solutions much higher, and in many cases (IAM rollouts especially) the mess can cause the project to fail entirely. If we’re barely keeping the ship on course, throwing new cargo on the top of the deck isn’t a good idea.

Another reason that we want to tidy up is that each day that passes means the cleanup job is getting worse. Once it gets to the point where you have to wear shoes to step on the floor, you’re past the point where you needed to have something done – you’re breaking the toys you’ve got and creating new shards of plastic that are going to cause even more damage. AD is the same – more OUs, more users, more groups, and more and more places to put them in, with nothing going where it’s supposed to – if we don’t spend time actively fighting the sprawl, the sprawl wins – and who has time to fight sprawl? Left to sprawl, it gets to the point that you’re spending so much time fighting fires to keep the lights on that you can’t spend any time making it better. My mother-in-law calls it being too busy washing dishes to go out and buy a new dishwasher, and the same idea applies to dishes, basements, and AD objects.

A third reason to clean up is to save ourselves and others time. Finding the toy my son wants desperately or the game I want to play when the basement is clean and things are put away is easy. Finding that same toy after the double sleepover party where the playroom looks like a bomb went off – if I can find it at all, I have to hope all the pieces are still there. Once again I see AD the same way – knowing where things go means I know where to look for them when I need them. Easier to find the user I want, easier to put the right person into the right group to get the job done – day to day, my work gets done faster.

Learn how to clean up your Active Directory in Part 3 of this blog post.
