The Active Directory Management Dilemma

    One of the great paradoxes of IT concerns how many applications depend on Microsoft Active Directory in order to automate the management of those applications, and yet the management of Active Directory itself is mostly a manual endeavor.

    A survey conducted by Osterman Research on behalf of Imanami, a provider of management tools for Active Directory, found that 59 percent of the 155 IT managers surveyed were managing groups of users within Active Directory manually.

    The process of managing groups within Active Directory is best described as tedious, rather than painful. The Osterman survey found that on average organizations were dedicating about 8.3 hours of staff time a week to managing 1,000 users. The costs of that staffer will vary by organization, but that amounts to one full work day a week to manually manage workgroups. At a time when IT organizations are under pressure to be more efficient than ever, managing Active Directory is another classic example of where IT organizations are too focused on managing manual IT processes rather than spending more time on tasks that add more value to the business.

    Edward Killeen, vice president of sales and marketing for Imanami, says that beyond lack of awareness of tools that automate the management of Active Directory, other issues that retard the adoption of these tools are the lack of budget and a distrust of IT automation tools in general.

    That distrust, says Killeen, sometimes stems from concerns about losing a job function or a bias toward being able to do a better job of managing particular IT assets themselves by hand. This latter bias, however, may be misguided as configuration errors, usually resulting from the use of custom scripts, are usually the root cause of most IT problems. IT automation tools can reduce those errors considerably, but IT staff frequently distrust these tools because they can’t easily see exactly what these tools are doing to the underlying system. That visibility can be especially important when, as the survey indicates in the case of Active Directory, the task at hand has security implications.

    At the end of the day, however, it comes down to IT productivity. Most skilled IT professionals can probably do something by hand better than an automated tool. But that is frequently beside the point. That skilled IT professional is available only for so many hours in the day. Making sure that IT staff are working on tasks that add value to the business, versus glorified digital maintenance activities, becomes the difference between a well managed IT department and a staff that over time is going to increasingly see low-level IT processes outsourced to third-party providers using the same tools that the internal IT organization could have had, if they only knew they existed and had the budget to acquire them.

    The Active Directory Management Dilemma - slide 1

    Click through to see more results from a survey by Osterman Research and Imanani.

    The Active Directory Management Dilemma - slide 2

    Eight percent use automated tools and 33 percent use both manual and automated processes.

    The Active Directory Management Dilemma - slide 3

    While the majority don’t find updating workgroups painful, a lot of time is spent doing it.

    The Active Directory Management Dilemma - slide 4

    Security clearly tops the Active Directory agenda.

    The Active Directory Management Dilemma - slide 5

    Another 38 percent are concerned but have done nothing about it.

    The Active Directory Management Dilemma - slide 6

    The risks are more apparent than the will to do something about them.

    The Active Directory Management Dilemma - slide 7

    Many IT organizations are finally starting to address some of these issues.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles