I’m starting a brand new blog today for all those folks trying to support a Microsoft Active Directory enterprise. I know I get frustrated trying to find information about some of the problems I’ve run into. And after I fix the problem, I (of course) forget to document it since we have no change management system at work. So I’m hoping my blog will at least help me.
And it really is pretty shocking about the lack of a change management system at work, but hey, I’m not in charge. We do, at least, keep track of schema changes. I’m only one of four Enterprise Admins managing an Active Directory infrastructure consisting of:
1 Forest with 1 Tree (so far, so good)
32 Domains (not so good)
550+ Domain Controllers
Our AD has over a million objects at this point in time.
We’re pretty big. And pretty complex, although we’ve done our utmost to keep the basic AD structure and operation as vanilla as possible. Otherwise, the upgrades would eat us alive.
The things I “touch” and/or manage include: DNS, AD, the DC’s (replication, NTFRS, etc), Sites&Services, Domain Trusts, and probably a lot of other junk I can’t think of. Oh, yeah, there’s WINS, too. I try to stay out of the desktop/application server arena, but hey, all problems are “AD isn’t working” problems, right? Sheesh.
There is a Help Desk and I’m in the third (final) tier of support. If I can’t solve the problem, I kick it up to Microsoft (and spend the next five hours trying to explain our environment and what I’ve already done to try to resolve the problem). So I’m sort of the last outpost of civilization before it goes to Redmond.
Well, I’m not alone. There are 3 other EA’s and one of them is super-smart. I’m not that one. I’m just doing the best I can.
So this starts my attempt to explain what I’ve been learning along the way. Maybe it will help a few folks out. Maybe it will just confuse people more.
“If you tell the truth you don’t have to remember anything.” —Mark Twain