Anything above a few hundred and using ADUC I expect is
more expensive and error prone than using some form of provisioning automation,
and note, I am not saying MIIS as the provisioning tool. I am just saying there
needs to be some form of provisioning automation even if it is scripts fired by
the admin. At the widget factory initially delegated admin IDs all had to be
handled by the DAs, that was only a couple of thousand IDs and that immediately
got handled by scripts. That made creation of an admin ID take all of about 2-3
seconds and a password reset took that much or less. You won't even see the ADUC
GUI in that time frame and the chances of mistakes are far
greater.
Some
people may not like to think that their job function could be replaced by a
script or program but it is the truth[1] and in any environment, the people
costs are truly the higher ones. Both from straight monitary costs but also
mistakes, etc. The main reason to add more people should normally be for
redundance or flexibility in being able to do more different / ad hoc
requests that come up. The basic administration of the environment should mostly
be automated and take at most one FT position watching over it to make sure it
is going smoothly. Flexibility and non-standard processes take people, not day
to day administration.
Again
though, with the SQL requirement in MIIS, I don't see it reducing the people
costs a lot unless you can dump quite a few admins due to their jobs being
primarily provisioning but you have to pick someone up who knows MIIS and SQL
Server well to cover the bad times with MIIS. Again, if that were an ESE engine
under it, you wouldn't need a DB person around to make it work. I think MSFT is
being quite assinine with MIIS until they remove the SQL requirement. But then
that is nothing new, I have been saying that since day 1 of MIIS and that
spawned the little "debate" at the MVP summit concerning its use when we were in
Developer day.
joe
[1] In
general, any position that is about following a documented process and entering
commands into the computer can almost certainly be filled by a well written
script/tool.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe
Sent: Saturday, July 01, 2006 3:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Schema Question
Being the cheapest doesn't
make it cheap, Brian. It's all relative. Let me see you sell MIIS to a
sub-5000-user environment. I've yet to see a successful MIIS implementation
that costed less than 6 figures. That is an amount that I call "stratospheric",
and would never recommend in response to questions similar to the one posted by
the OP.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: Brian Desmond
Sent: Fri 6/30/2006 11:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Schema Question
MIIS is about the Cheapest commercial one from the major directory vendors I've come across...Novell and Sun are 7 diigt figure products on a good day Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] > Sent: Saturday, July 01, 2006 12:33 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Schema Question > > Yeah, > > until the price of MIIS [1] comes down from its stratospheric level, > and until I can look customer in the eye and say "yes, you can use > mySQL or such", I won't touch MIIS with a long pole. > > [1]Yes yes, MIIS is just one of many provisioning solutions. I've seen > a few, and the engineering that goes into making them work at all is so > intensive that I don't like to offer them as "solutions". > > > > > > > Sincerely, > _____ > (, / | /) /) /) > /---| (/_ ______ ___// _ // _ > ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.readymaids.com <http://www.readymaids.com> - we know IT > www.akomolafe.com <http://www.akomolafe.com> -5.75, -3.23 Do you now > realize that Today is the Tomorrow you were worried about Yesterday? - > anon > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of joe > Sent: Fri 6/30/2006 1:28 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Schema Question > > > You mean as in copying in ADUC... What are you crazy?? Provisioning is > the new cool key word Deji. ;) > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe > Sent: Friday, June 30, 2006 3:11 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Schema Question > > > Listen to what they say.... > > But if you really have to set attributes, consider using user templates > and populating the relevant settings that you need. Then do your user > account creation using the templates. > > > Sincerely, > _____ > (, / | /) /) /) > /---| (/_ ______ ___// _ // _ > ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.readymaids.com <http://www.readymaids.com> - we know IT > www.akomolafe.com <http://www.akomolafe.com> -5.75, -3.23 Do you now > realize that Today is the Tomorrow you were worried about Yesterday? - > anon > > ________________________________ > > From: Brian Desmond > Sent: Fri 6/30/2006 10:58 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Schema Question > > > > And anyway you should be putting quotas either in a recipient policy or > manually on the attributes that control them... > > > > Thanks, > > Brian Desmond > > [EMAIL PROTECTED] > > > > c - 312.731.3132 > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond > Sent: Friday, June 30, 2006 12:42 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Schema Question > > > > No. Your provisioning system (e.g. MIIS, etc) should be doing this. > > > > Thanks, > > Brian Desmond > > [EMAIL PROTECTED] > > > > c - 312.731.3132 > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin > (ITS) > Sent: Friday, June 30, 2006 12:38 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Schema Question > > > > All, > > > > Let me start with, I'm a total newb when it comes to Schema and Schema > modifications. > > > > Is it possible to modify the schema that so every time a new user is > created (via ADUC) an extension attribute is populated with a default > value? Our Exchange guys would like extensionAttribute5 to be populated > automatically with 100, which is the default mailbox size. Is this > possible? It seems like it would be, but as I warned, I'm a newb. > > > > Thanks, > > > > Justin Clay > ITS Enterprise Services > Metropolitan Government of Nashville and Davidson County Howard School > Building > Phone: (615) 880-2573 > > > > > > ITS ENTERPRISE SERVICES EMAIL NOTICE > > The information contained in this email and any attachments is > confidential and may be subject to copyright or other intellectual > property protection. If you are not the intended recipient, you are not > authorized to use or disclose this information, and we request that you > notify us by reply mail or telephone and delete the original message > from your mail system. > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx