June Project of the Month - Active Directory

Can you believe June has come and gone, just like that?


June was an extremely busy month here at SiFr. It seems like the call for “reopening” also meant businesses are, well, getting back to business.


After a year in which projects trended toward Remote Work, Cloud, and Digital Transformation, June’s most requested projects centered on good ol’ Active Directory. This may seem unusual, but it’s actually not that surprising when you stop to think about it.


When the pandemic hit over a year ago, businesses were thrust into the Remote Work regime with little or no preparation. This, of course, drove an upward trend in Ransomware, which I’m sure you’ve heard about over and over again in the news. In the past year, it seems we just couldn’t get away from Ransomware; it was ubiquitous. Businesses (and government) everywhere became painfully aware that they were not prepared.


As businesses are getting back to normal, we’ve found that most clients are refocusing their efforts on preparing for the “new normal”. What does this all mean? If our project requests are any indicator, this means more businesses are focused on securing the core of their business IT and preparing for a more holistic digital transformation and Cloud migration (instead of being thrown in the deep end, barely keeping afloat). And for most of our clients, core business IT is still the traditional on-premises Active Directory.


Is investing in Active Directory still worth it when more and more businesses are moving to the Cloud?

Unfortunately, there is no simple answer for this. While every business is a little bit different, the main facets we tell our clients to consider are:

  • What is the strategic roadmap for the environment?

  • Is an on-prem Active Directory even required in the future?

  • If not, how long will the existing on-prem AD be required?

Based on the answers to the above, any plan needs to weigh the importance and value of implementation.


It needs to be noted that Azure Active Directory is not an extension of an on-prem Active Directory. It is independent and different. While there is some bi-directional synchronization of specific object types, AD and Azure AD should be considered two separate systems.


What that means is that some of the effort that is put into improving and cleaning up on-prem Active Directory will have no effect on Azure Active Directory.


Still, misconfigured Active Directory domains are a large security vulnerability. Regardless of any plan for migration to the Cloud, it is important for any business to at least focus on security-related configurations.


Some of the most common issues in Active Directory we see in client environments are:

  • Excessive privilege

  • Improper permission delegation (leading to excessive privilege)

  • Lack of naming convention and standards

  • Deprecated and unpatched Domain Controllers

  • Convoluted Organizational Unit (OU) structures

  • Lack of object life cycle policies

Not all of these items are directly a security risk, but if the environment is too convoluted to be effectively managed, it can lead to oversight and misconfigurations that inadvertently increase the organization's threat surface. We all know that most malicious actors take the path of least resistance, so take care to protect your business from falling prey.


In addition to security, if the environment is too complex to be managed effectively, this increases the need for IT personnel. With a shortage of quality IT talent, organizations really need to be efficient with the use of their time. If your environment has a standard, predictable structure, automation may be leveraged, adding up to significant time savings over the long term.


Don't forget, at the end of the day, Active Directory is simply an LDAP implementation. It is a directory first and foremost and should be leveraged for its full potential.


Frankly, we’re really passionate about Active Directory because it is the core of so many businesses. Despite its age, it has held up really well. Chances are Active Directory will continue to be central to many established, large businesses or enterprises.


Do you know how well your AD implementation stacks up against Microsoft and industry best practices? Take the guesswork out of your day and contact us for an AD Assessment today! Not only will you know where you stand today, you will also receive step-by-step guidance on any remediation and recommendations for a future state (wooo!! those fluffy Clouds) that are tailored for your organization.
