RE: [ActiveDir] MMS 2003 and ADAM 2003

[Joe]

Title: Message

Glen if you don't mind my asking, how large is your environment. I started to get impressed by the 12 people comment and then realized I had nothing to go on in terms of how many servers and people you were actually supporting. >100? >1000? >10,000? Etc.   We have a 3 analyst + 1 manager ops team for Active Directory/Domain Controllers/WINS with some 380-400 servers for that stuff. There is a separate OPS DNS team (UNIX based DNS and mixture of outsourced and insourced), a separate email OPS team (outsourced), user management is all delegated out to local sites (hundreds) as is group and workstation management though various proxy and native delegation methods and the last time I counted the number of local site admin ID's (ID's with very basic AD delegation such as ability to manage the membership of site groups or join workstations) were in the thousands. Server Accounts and group objects our group handles creations of but we don't manage the servers themselves though issues with them tend to get us involved if escalated.   We are currently working on E2K deployment so mostly the AD team is running with 2 analysts and the manager and I am off in the lab trying to work out the ills of E2K and its delegation and management. I think it would have been helpful had it been written in such a way to work well that way but it seems someone on the E2K Dev team likes poor gui methods and didn't have a lot of understanding of the best ways to use Active Directory. Enough of that though...      joe       -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett Sent: Sunday, June 29, 2003 7:17 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] MMS 2003 and ADAM 2003 Rick,   Agreed, VMware does has some advantages, however MS dont seem to be a big fan of it in production (funny that).  Suggested (jokingly) that we would deploy our MOM configuration on two VMware instances on a server, and that would be supported by them.....correct ?.  The looks on their faces were pricesles....Gotta love winding the MS guys up occasionally...its good for the soul :)  To a certain extent, limiting or banning the use of VMware is good for us, since we have requirements for setting up dev/test environments on "real" hardware, and there is only so much to go around.  Makes them think ahead a bit more.   In our current environment, we have a few things that do ease some of the usual problems with larger organisations (this is in no particular order).   1.    The developers are kept very busy on numerous projects, so "fiddling" around with things like AD is seen as non-productive, and better left to someone who's job it is (ie me). 2.    We have a very lean and mean (the good mean, not the bad one) support team, with a total of less than a dozen people looking after AD, servers, infrastructure, messaging, data managment, system monitoring, backup and security (I'm sure there are a few others as well).  Therefore we are able to impress on the organisation that an easily maintable system allows us to keep this lean and mean structure which ultimately benefits the organisation (less overall cost spent on IT support). 3.    We have the support of senior management, and the infrastructure support teams report directly to the CIO 4.    We have recently undergone MAJOR shifts in the IT support function (essentially being outsourced, and then insourcing).  This has given a major opportunity to "do it differently to the other guys".   Ultimately, yes, control does creep in, but as I said in a recent post we emphasise to the applicaiton owners and the dev teams that if they design something we can ultimately support and take the day-to-day goings-on off their hands, they can get back to playing with the new cool stuff.  This makes them happy, and its a win-win for everybody.   And no, its not smooth sailing with all the dev teams, but since some of them may be on the list too, I dont want to name names :P   I have certainly been in a similar situation as you (fairly recently actually), and it goes get the grey hairs going.  I used to have a tanty every week or so when some stupid request would come in from the dev teams, but I always wrote things down to use as BSD (Bacon Saving Devices), and when things went pear-shaped, just wheeled the documentation out basically exonorating me from the current crisis (still had to fix the damn things though).  After a few of these, things started to turn around, but its a never ending battle. *sigh*   Glenn     ----- Original Message ----- From: Rick Kingslan To: [EMAIL PROTECTED] Sent: Sunday, June 29, 2003 2:05 PM Subject: RE: [ActiveDir] MMS 2003 and ADAM 2003 Yeah, I have to agree with you on the licensing costs on user basis, but it sure beats the hell out of the fights over the test lab, or the added costs that might be associated with hardware, etc. for test environments for everyone who THINKS they need it.   BTW, I'm impressed by the level of co-operation and (the word CONTROL keeps wanting to creep in, but I don't want to use that....) work ethic you seem to have with your dev folks.  Granted - you're 100% correct.  Having support from the top is hugely important, and one of the prime things that I'm suffering from right now - management with no backbone, which puts me into the position of being the bitch of each and every idiot client want and desire, however completely unrealistic, undesireable and undeliverable it might be.  But hey!  I'm not bitter!  ;-)   Rick Kingslan  MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone