Identifying Business Issues With An Active Directory
Questions to help you identify issues with an Active Directory implementation
Normal
|
Optimised
|
|
An under-optimised Active Directory implementation can be a nightmare for all, causing
instability and insecurity throughout the Windows infrastructure.
An under-optimised Active Directory provides only basic functionality and usually
gives the appearance of stability and security. This illusion is inevitably broken
by a costly and unforeseen event such as an malicious attack, a damaging administrative
error, or the failure of a compliance audit.
|
An optimised Active Directory implementation is a major asset to any organisation,
offering security, stability, manageability & compliance.
An optimised Active Directory implementation will work quietly in the background
allowing seamless and secure interaction between the various users, services and
devices that make up your Windows infrastructure.
|
Have you ever been afflicted by any of these symptoms?
The Active Directory can be measured - Find out more
Has Active Directory instability ever caused downtime?
The Active Directory is at the heart of any Microsoft Network - it allows all the
various networking components to communicate efficiently and effectively. If the
Active Directory has not been implemented correctly then various symptoms will appear
throughout the Network. It may be that you have had Active Directory issues in the
past that have caused you to lose faith in your implementation.
Back to the top
Are you aware of any internal security breaches?
Most security breaches are internal, and many of these go undetected for long periods.
Anything from an administrator inappropriately reading (and distributing) the payroll
spreadsheets to the implantation of malicious code as an act of revenge can be avoided
by the effective implementation of Role Based Authority within the Active Directory.
Back to the top
Can your admin staff fully utilise your Active Directory?
Different skill sets are required for Active Directory design and Active Directory
Administration. The best way for an organisation to fully utilise Active Directory
is to implement the mature design of a specialist who then delivers complete administrative
documentation to the system administrators who will then be able to make effective
use of all of the specific design features.
Back to the top
Do you have true Role Based Authority?
Role Based Authority is the simple principle that an employee should only have enough
authority to perform the tasks for which they are employed. This is a standard principle
of business that is often overlooked. If all (or most) of your administrators, and
any of your normal users have ‘higher’ authority then the security of your entire
infrastructure is compromised.
Back to the top
Has your Active Directory failed a penetration test?
Any new Network design or optimisation should be penetration tested to ensure security,
this is more true of Active Directory than of many other components due to its central
role in system security. Test failures lead to improvements and test passes lead
to peace of mind. Implementation of structures that have already been tested decreases
the likelihood of test failure.
Back to the top
Are you unsure of your Active Directory?
The Active Directory is at the heart of any Microsoft Network—it allows all the
various networking components to communicate efficiently and effectively. If the
Active Directory has not been implemented correctly then various symptoms will appear
throughout the Network. It may be that you have had Active Directory issues in the
past that have caused you to lose faith in your implementation.
Back to the top
Has your Active Directory ever failed an audit?
Infrastructure audits are carried out for compliance with Best Practices (ISO17799,
ITIL, MOF) or for compliance with industry requirements (S-OX, Basel2). Audit failure
will occur if the Active Directory implementation is incomplete. Audit controls
that often fail are: Control of system and user environments, password management,
use of role based authority, and enforced logging to create audit trails.
Back to the top
Do you have comprehensive Active Directory documentation?
All Best Practices and Compliance guides require full, up to date documentation
for your systems, yet it is rarely present. Lack of documentation leads to ‘key
man reliance’ - knowledge being lost when individuals leave the organisation. New
administrators will take longer to understand and adapt to your systems, and of
course, audits will be failed.
Back to the top
Are your Active Directory Change Control procedures working?
Change Control is a requirement for system stability. Most issues arise when changes
are made, and troubleshooting is faster and more effective with access to a log
of changes. To be effective Change Control Procedures must be backed up by technical
enforcement - i.e. administrators should not be able to make inappropriate changes,
therefore Change Control Procedures cannot be bypassed.
Back to the top
Have you been quoted a fortune for any Active Directory work?
The traditional method of Active Directory design and implementation is expensive
and uncertain. It is common for implementations to be incomplete because of time
and resource issues. Genesis can offer fixed price Active Directory implementations
of the highest security and Return On Investment for a fraction of the normal cost.
Back to the top
The Active Directory can be measured - Find out more