The county's vision dictates that directory and group policy changes be based on improving efficiency while keeping the network secure.Tom Magrini, deputy CIO for the city of Phoenix, says, "Everyone knows it makes sense to have one AD for the entire organization, but if you don't take into account each cultural barrier, any one can defeat your best technical solution." Like many AD environments, Phoenix's grew organically across 26 departments."All requests for moves, adds or changes that impact our AD are vetted through the committee, which assesses why we're doing something, what the impact is and what the back-out process is should a change go awry," says Mc Neal.Phoenix, too, has an AD working group that manages directory-specific issues.
One of the biggest challenges for organizations running Microsoft Exchange is building a flexible and scalable directory service.
"This allows us to standardize on the administration of our AD structure and adopt best practices that Microsoft has put forward across the enterprise, rather than having to negotiate with individual entities," Mc Neal explains.
One person manages the statewide environment at the forest level.
Many departments have implemented their own directories for server and workstation management, complicating efforts to create a unified, enterprisewide structure.
"By ignoring the proliferation of directories over time, many organizations have built these byzantine, highly complex directory environments," says Andrew Walls, a research vice president for Gartner.