How
about this,
We use
third-party tools for Basic Network Identity Management, Data Integrity,
Consistent Access Management Policies, and Consistent Provisioning of
Resources. Our customers / data administrators demand a lot from our
environment because many are giving up their domains as a result. It
is simple economy of scale to have them consolidate, into a single
system. The problem is that being part of a larger domain means more
users to have to filter through, more resources that are visible, needs for
consistent naming of objects (Especially CN) and filling out
of a Description field that helps identify the uniqueness of
the object. If you put let say 70 directory level administrators in a
single domain, you might be able to get them to do some basic
Identity Management, but eventually it will fall off, and fields would go
unpopulated or populated with inconsistent data, access management policies
would go lax, and eventually your directory would get bloated with possible bad
data, inconsistent data, and possible the ACL's would get to unwieldy. In
a proxy system, you could also provide better protection from web access, and
also reduce the size of ACL's on native storage.
My
rule of thumb is, if it is larger than 1000 users and there is regular turnover,
it is a good idea to automate.
Toddler
|
Title: Message
- RE: [ActiveDir] Seeking some feedback ... use of 20... Myrick, Todd (NIH/CIT)
- Re: [ActiveDir] Seeking some feedback ... use ... Glenn Corbett
- RE: [ActiveDir] Seeking some feedback ... use ... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Seeking some feedback ... use ... Robbie Allen
- [ActiveDir] Seeking some feedback ... use of 2... Dean Wells
- Re: [ActiveDir] Seeking some feedback ... ... Glenn Corbett
- RE: [ActiveDir] Seeking some feedback ... Dean Wells
- RE: [ActiveDir] Seeking some feedb... Joe
- RE: [ActiveDir] Seeking some ... Dean Wells
- Re: [ActiveDir] Seeking some feedb... Glenn Corbett
- RE: [ActiveDir] Seeking some feedback ... use ... Myrick, Todd (NIH/CIT)