IFAS Computer Coordinators - AD Subcommittee
Microsoft Active Directory – Advantages and Disadvantages
v.1.1 KUH - revised Tuesday, May 28, 2002: Further
summarized and “de-technified” advantages/disadvantages for inclusion in
executive summary.
Advantages of Active Directory (AD) that support implementation:
- AD is the next logical step in the natural
progression of Microsoft’s enterprise computing platform, and officially
replaces Windows NT 4.0, to which IFAS committed in 1998.
- Brings IFAS computer users one step closer to a
single sign-on environment (Gatorlink).
- Allows delegation of administrative control to
unit administrators without jeopardizing security of the entire domain.
- Provides simplified means for improved
collaboration between IFAS users at different units/departments.
- Allows centrally managed software
installations, updates, repairs, and removal. Admins can track licensing,
install service packs & security updates without having to visit each
desktop.
- Provides means for granular control of the user
environment (i.e. drives, printers, desktop) for users and/or computers
based on physical site, logical domain, or organizational unit.
- Supports secure remote control and
administration of servers and workstations.
- Provides for establishment of a consistent user
environment (including applications) regardless of where the user logs in.
- Provides significantly improved operating
system stability.
- Provides support for disk quotas.
- Provides improved security infrastructure,
including EFS (Encrypting File System), PKI (public key infrastructure),
and IPSec (over-the-wire data encryption).
- Optimizes replication and logon traffic over
slow links.
- DNS records are dynamically maintained.
Disadvantages of upgrading to Active Directory:
- Because the directory is shared, any
modifications to the schema will require coordination with a central
authority (IFAS-IT). Procedures for this must be established.
- Domain members (potentially every IFAS unit and
department) must agree on a common password security model (e.g.
expiration time, lockout duration).
- IFAS-IT could conceivably mandate unwanted
policies with no option for overriding at the unit level (domain or OU).
Procedures for redress must be established.
- Migration to AD will require some server
upgrades / replacements.
- Migration may require allocation of additional
FTEs to support maintenance of the directory.