| Author | Messages | |
gabriel/tfi
Posts:450
 | | 03/30/2012 8:35 AM |
| Based on your experience in medium/large orgs (say 10K empoyees at least) -
whether as an employee or consultant/contractor - within which functional
area does the team responsible for Active Directory commonly fit? How is it
commonly called? "Active Directory"? "Directory Services"?
Thanks - Gabriele.
| | | |
| ZJORZ
Posts:450
| | 03/30/2012 9:14 AM |
| At one of my customers it initially started as "Active Directory" and it
remained as "Active Directory" (naming only)
The responsibilities of THAT team however did change as new technologies
became their responsibility: e.g: AD, NPS/Radius/802.1x, ADFS,SCOM, Lync
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
Ing. Jorge de Almeida Pinto
Principal Consultant
MVP Identity & Access - Directory Services | MCP/MCSE/MCITP | MCT | vTSP
(MVP Profile
<https://mvp.support.microsoft.com/profile=F8C04F4A-BFF2-453E-9AED-7DFEDAB0B
E10> ) (Blog <http://jorgequestforknowledge.wordpress.com/> )
-------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: <http://jorgequestforknowledge.wordpress.com/disclaimer/>
http://jorgequestforknowledge.wordpress.com/disclaimer/
-------------------------------
Description: Description: Description: Description: Description: Think Green
From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Gabriele Scolaro
Sent: Friday, March 30, 2012 09:33
To: activedir@xxxxxxxxxxxxxxxx
Subject: [ActiveDir] [OT] - AD/DS team in an IT organization
Based on your experience in medium/large orgs (say 10K empoyees at least) -
whether as an employee or consultant/contractor - within which functional
area does the team responsible for Active Directory commonly fit? How is it
commonly called? "Active Directory"? "Directory Services"?
Thanks - Gabriele.
| | | |
| Gil
Posts:316
| | 03/30/2012 9:28 AM |
| Going back in history, it was the Window Server team that ended up with AD responsibilities. Sometimes the larger orgs would explicitly carve off a separate team from the Windows Server group and make them responsible for AD, other times the team gradually developed AD as a focus. I've never seen an org where the AD team came from networking, security, or for instance, the Netscape directory team. It's always been part of Windows.
-gil
From: activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Gabriele Scolaro
Sent: Friday, March 30, 2012 6:33 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: [ActiveDir] [OT] - AD/DS team in an IT organization
Based on your experience in medium/large orgs (say 10K empoyees at least) - whether as an employee or consultant/contractor - within which functional area does the team responsible for Active Directory commonly fit? How is it commonly called? "Active Directory"? "Directory Services"?
Thanks - Gabriele.
| | | |
| dloder
Posts:149
| | 03/30/2012 12:43 PM |
| Our corporate IT as a whole is split between engineering and operations functions. Right now the two teams involved with AD are both known as Security Engineering and Security Operations. Our names change and our placement within the company moves from time to time, but our functions are pretty defined to security infrastructure. Currently AD, ADLDS, ADFS, ADCS, FIM, 3rd party password management, two-factor AuthN and a home-grown SSO are the major pieces.
Most of the people in both groups have a more generalized background from Windows Server, but we do have some that moved from Netscape LDAP to AD when we migrated that directory, and from other *nix-based operations roles.
But this separation from the general Windows and *nix Server operations teams helps us to maintain joe's rule of few EAs.
-- http://dloder.blogspot.com --
________________________________
From: Gil Kirkpatrick <Gil.Kirkpatrick@xxxxxxxxxxxxxxxx>
To: "activedir@xxxxxxxxxxxxxxxx" <activedir@xxxxxxxxxxxxxxxx>
Sent: Friday, March 30, 2012 4:26 AM
Subject: RE: [ActiveDir] [OT] - AD/DS team in an IT organization
Going back in history, it was the Window Server team that ended up with AD responsibilities. Sometimes the larger orgs would explicitly carve off a separate team from the Windows Server group and make them responsible for AD, other times the team gradually developed AD as a focus. I’ve never seen an org where the AD team came from networking, security, or for instance, the Netscape directory team. It’s always been part of Windows.
-gil
From:activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Gabriele Scolaro
Sent: Friday, March 30, 2012 6:33 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: [ActiveDir] [OT] - AD/DS team in an IT organization
Based on your experience in medium/large orgs (say 10K empoyees at least) - whether as an employee or consultant/contractor - within which functional area does the team responsible for Active Directory commonly fit? How is it commonly called? “Active Directory”? “Directory Services”?
Thanks – Gabriele.
| | | |
| pgt
Posts:30
| | 03/30/2012 12:47 PM |
| My org calls it authentication team.
Sent from my phone.
On 30-Mar-2012, at 1:40 PM, Jorge de Almeida Pinto <jorgedealmeidapinto@xxxxxxxxxxxxxxxx> wrote:
> At one of my customers it initially started as “Active Directory” and it remained as “Active Directory” (naming only)
> The responsibilities of THAT team however did change as new technologies became their responsibility: e.g: AD, NPS/Radius/802.1x, ADFS,SCOM, Lync
>
> Cheers,
>
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> Ing. Jorge de Almeida Pinto
> Principal Consultant
> MVP Identity & Access - Directory Services | MCP/MCSE/MCITP | MCT | vTSP
> (MVP Profile) (Blog)
>
> ———————————————————————————————
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always evaluate/test yourself before using/implementing this!
> * DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
> ———————————————————————————————
> <image001.gif>
>
> From: activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Gabriele Scolaro
> Sent: Friday, March 30, 2012 09:33
> To: activedir@xxxxxxxxxxxxxxxx
> Subject: [ActiveDir] [OT] - AD/DS team in an IT organization
>
> Based on your experience in medium/large orgs (say 10K empoyees at least) - whether as an employee or consultant/contractor - within which functional area does the team responsible for Active Directory commonly fit? How is it commonly called? “Active Directory”? “Directory Services”?
>
> Thanks – Gabriele.
| | | |
| joe1
Posts:37
| | 03/30/2012 6:52 PM |
| On my org (30,000 staff) we are the Directory Services team. Was recently asked to change to Identity Management team.
Sent from my phone
On 30 Mar 2012, at 08:42, "Gabriele Scolaro" <gabro@xxxxxxxxxxxxxxxx<mailto:gabro@xxxxxxxxxxxxxxxx>> wrote:
Based on your experience in medium/large orgs (say 10K empoyees at least) - whether as an employee or consultant/contractor - within which functional area does the team responsible for Active Directory commonly fit? How is it commonly called? “Active Directory”? “Directory Services”?
Thanks – Gabriele.
List info: http://www.activedir.org/List.aspx
| | | |
| millh0use
Posts:1
| | 03/30/2012 7:09 PM |
| Directory Services is a subset of the Windows Server group at my current
company, with only a couple of people on that team actually focusing on
AD.
At my previous company, we were the Messaging and Directory Services
group. If you are an Exchange shop, I think it makes a lot of sense to
combine Directory Services with Messaging because of how much Exchange
relies on AD. Identity Management is definitely something that could be
included in that group as well.
From: Joe McNicholas <joe@xxxxxxxxxxxxxxxx>
To: "<activedir@xxxxxxxxxxxxxxxx>" <activedir@xxxxxxxxxxxxxxxx>
Date: 03/30/2012 01:52 PM
Subject: Re: [ActiveDir] [OT] - AD/DS team in an IT organization
Sent by: activedir-owner@xxxxxxxxxxxxxxxx
On my org (30,000 staff) we are the Directory Services team. Was recently
asked to change to Identity Management team.
Sent from my phone
On 30 Mar 2012, at 08:42, "Gabriele Scolaro" <gabro@xxxxxxxxxxxxxxxx<
mailto:gabro@xxxxxxxxxxxxxxxx>> wrote:
Based on your experience in medium/large orgs (say 10K empoyees at least)
- whether as an employee or consultant/contractor - within which
functional area does the team responsible for Active Directory commonly
fit? How is it commonly called? ?Active Directory?? ?Directory Services??
Thanks ? Gabriele.
List info: http://www.activedir.org/List.aspx
| | | |
| sivasankar_33
Posts:50
| | 03/30/2012 7:38 PM |
| In my organisation we call it as "Distributed System Support" a team which
takes care of Windows server and AD. Exchange, DB and Client deployment
will fall under the roof of "Distributed Systems"
On Fri, Mar 30, 2012 at 1:03 PM, Gabriele Scolaro <gabro@xxxxxxxxxxxxxxxx> wrote:
> Based on your experience in medium/large orgs (say 10K empoyees at least)
> - whether as an employee or consultant/contractor - within which functional
> area does the team responsible for Active Directory commonly fit? How is it
> commonly called? “Active Directory”? “Directory Services”?****
>
> ** **
>
> Thanks – Gabriele.****
>
--
Regards,
Sivasankar G
+91-9884810236
| | | |
| DaemonRoot
Posts:173
| | 03/30/2012 7:42 PM |
| IMHO it's better to split them apart, for matters of data privacy, security,
compliance and even to let folks go really deep into a technology which will
let them specialize on it instead of having a general knowledge of many
things.
This of course means you gotta have a solid delegation/security model in
place.
If we think about it pretty much all services depend on AD as it is the core
service so putting all things in the same bucket might not be the best; try
avoiding conflicts of interest.
Doing a service mapping will let you group folks in the best way and will
also allow you to document dependencies and OLAs defined.
Cheers,
~d
From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of
jeremy.miller@xxxxxxxxxxxxxxxx
Sent: Friday, March 30, 2012 12:08 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] [OT] - AD/DS team in an IT organization
Directory Services is a subset of the Windows Server group at my current
company, with only a couple of people on that team actually focusing on AD.
At my previous company, we were the Messaging and Directory Services group.
If you are an Exchange shop, I think it makes a lot of sense to combine
Directory Services with Messaging because of how much Exchange relies on AD.
Identity Management is definitely something that could be included in that
group as well.
From: Joe McNicholas <joe@xxxxxxxxxxxxxxxx>
To: "<activedir@xxxxxxxxxxxxxxxx>" <activedir@xxxxxxxxxxxxxxxx>
Date: 03/30/2012 01:52 PM
Subject: Re: [ActiveDir] [OT] - AD/DS team in an IT organization
Sent by: activedir-owner@xxxxxxxxxxxxxxxx
_____
On my org (30,000 staff) we are the Directory Services team. Was recently
asked to change to Identity Management team.
Sent from my phone
On 30 Mar 2012, at 08:42, "Gabriele Scolaro" <gabro@xxxxxxxxxxxxxxxx<
<mailto:gabro@xxxxxxxxxxxxxxxx> mailto:gabro@xxxxxxxxxxxxxxxx>> wrote:
Based on your experience in medium/large orgs (say 10K empoyees at least) -
whether as an employee or consultant/contractor - within which functional
area does the team responsible for Active Directory commonly fit? How is it
commonly called? "Active Directory"? "Directory Services"?
Thanks - Gabriele.
List info: <http://www.activedir.org/List.aspx>
http://www.activedir.org/List.aspx
| | | |
| sivasankar_33
Posts:50
| | 03/30/2012 7:53 PM |
| You can also think of something like Active Directory Messaging and
Operations team (ADMOP team)
Our organization's employee strength is 1,76,000 
On Sat, Mar 31, 2012 at 12:07 AM, Sivasankar G <sivasankar.hcl@xxxxxxxxxxxxxxxx>wrote:
> In my organisation we call it as "Distributed System Support" a team which
> takes care of Windows server and AD. Exchange, DB and Client deployment
> will fall under the roof of "Distributed Systems"
>
>
> On Fri, Mar 30, 2012 at 1:03 PM, Gabriele Scolaro <gabro@xxxxxxxxxxxxxxxx> wrote:
>
>> Based on your experience in medium/large orgs (say 10K empoyees at least)
>> - whether as an employee or consultant/contractor - within which functional
>> area does the team responsible for Active Directory commonly fit? How is it
>> commonly called? “Active Directory”? “Directory Services”?****
>>
>> ** **
>>
>> Thanks – Gabriele.****
>>
>
>
>
> --
> Regards,
> Sivasankar G
> +91-9884810236
>
--
Regards,
Sivasankar G
+91-9884810236
| | | |
| mctbill
Posts:22
| | 03/31/2012 4:48 AM |
| That is us. We are somewhat large. 150-ish thousand carbon based
lifeforms, and 100-ish thousand silicon based lifeforms. AD was one guy
(me) on the Windows Server team. Then we grew to a couple of people, and
got moved to Directory Services. Now we are moved back to the Windows
Server team. Sort of moved. They really just divvied us up on a couple of
teams. We'll probably get re-orged into Security or Risk Management. They
have changed my job title about 4 or 5 times as well. I'm still doing the
same work.
I agree with the posters that say there needs to be a dynamic tension in the
environment, and don't view it as a bad thing. We get requirements from
Security/ IT Risk Management. We create engineering designs and build the
environment. Internal Audit checks what we do. Then Security does
pen-testing to make sure the other two sides are honest. It's work, but
it's safe.
I just think their needs to be sufficient horsepower for your leadership to
get things done for you, regardless of where you fit in the org chart. A
frequent lament from many AD folks (Okay, maybe just me) is that they trust
us at 3 am over a VPN connection, but not at 3 pm across a conference table.
So if your boss has the political muscle or incriminating video to get
things done, then that is where you belong.
Bill
From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Gil Kirkpatrick
Sent: Friday, March 30, 2012 3:27 AM
To: activedir@xxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] [OT] - AD/DS team in an IT organization
Going back in history, it was the Window Server team that ended up with AD
responsibilities. Sometimes the larger orgs would explicitly carve off a
separate team from the Windows Server group and make them responsible for
AD, other times the team gradually developed AD as a focus. I've never seen
an org where the AD team came from networking, security, or for instance,
the Netscape directory team. It's always been part of Windows.
-gil
From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Gabriele Scolaro
Sent: Friday, March 30, 2012 6:33 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: [ActiveDir] [OT] - AD/DS team in an IT organization
Based on your experience in medium/large orgs (say 10K empoyees at least) -
whether as an employee or consultant/contractor - within which functional
area does the team responsible for Active Directory commonly fit? How is it
commonly called? "Active Directory"? "Directory Services"?
Thanks - Gabriele.
| | | |
| bijubabuk
Posts:153
| | 03/31/2012 7:27 AM |
| AD team is part of Identity Mgmt Team, sub working groups deal with AD,
DS, Federation, UP , RADIUS , PKI , Secure-ID etc
Rgds
From: activedir-owner@xxxxxxxxxxxxxxxx
[mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of gabro@xxxxxxxxxxxxxxxx
Sent: Friday, March 30, 2012 1:03 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: [ActiveDir] [OT] - AD/DS team in an IT organization
Based on your experience in medium/large orgs (say 10K empoyees at
least) - whether as an employee or consultant/contractor - within which
functional area does the team responsible for Active Directory commonly
fit? How is it commonly called? "Active Directory"? "Directory
Services"?
Thanks - Gabriele.
| | | |
| es491
Posts:11
| | 04/01/2012 4:53 PM |
| Same here, we are part of the Identity and Access Management Team, with about the same responsabilities.
Regards
________________________________
From: activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of Biju_babu@xxxxxxxxxxxxxxxx
Sent: zaterdag 31 maart 2012 8:26
To: activedir@xxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] [OT] - AD/DS team in an IT organization
AD team is part of Identity Mgmt Team, sub working groups deal with AD, DS, Federation, UP , RADIUS , PKI , Secure-ID etc
Rgds
From: activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of gabro@xxxxxxxxxxxxxxxx
Sent: Friday, March 30, 2012 1:03 PM
To: activedir@xxxxxxxxxxxxxxxx
Subject: [ActiveDir] [OT] - AD/DS team in an IT organization
Based on your experience in medium/large orgs (say 10K empoyees at least) - whether as an employee or consultant/contractor - within which functional area does the team responsible for Active Directory commonly fit? How is it commonly called? "Active Directory"? "Directory Services"?
Thanks - Gabriele.
-------------------------------------------------------------------------
Dexia disclaimer:
http://www.dexia.com/maildisclaimer.htm
-------------------------------------------------------------------------
| | | |
| robertsingers
Posts:621
| | 04/01/2012 9:15 PM |
| I have worked for an organisation where the Exchange team became the defacto owners of Active Directory. The reason is quite logical, Exchange is the most prominent business facing aspect of Active Directory, so that was the team that the business was willing to fund.
From: activedir-owner@xxxxxxxxxxxxxxxx [mailto:activedir-owner@xxxxxxxxxxxxxxxx] On Behalf Of jeremy.miller@xxxxxxxxxxxxxxxx
Sent: Saturday, 31 March 2012 7:08 a.m.
To: activedir@xxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] [OT] - AD/DS team in an IT organization
Directory Services is a subset of the Windows Server group at my current company, with only a couple of people on that team actually focusing on AD.
At my previous company, we were the Messaging and Directory Services group. If you are an Exchange shop, I think it makes a lot of sense to combine Directory Services with Messaging because of how much Exchange relies on AD. Identity Management is definitely something that could be included in that group as well.
From: Joe McNicholas <joe@xxxxxxxxxxxxxxxx<mailto:joe@xxxxxxxxxxxxxxxx>>
To: "<activedir@xxxxxxxxxxxxxxxx<mailto:activedir@xxxxxxxxxxxxxxxx>>" <activedir@xxxxxxxxxxxxxxxx<mailto:activedir@xxxxxxxxxxxxxxxx>>
Date: 03/30/2012 01:52 PM
Subject: Re: [ActiveDir] [OT] - AD/DS team in an IT organization
Sent by: activedir-owner@xxxxxxxxxxxxxxxx<mailto:activedir-owner@xxxxxxxxxxxxxxxx>
________________________________
On my org (30,000 staff) we are the Directory Services team. Was recently asked to change to Identity Management team.
Sent from my phone
On 30 Mar 2012, at 08:42, "Gabriele Scolaro" <gabro@xxxxxxxxxxxxxxxx<mailto:gabro@xxxxxxxxxxxxxxxx>> wrote:
Based on your experience in medium/large orgs (say 10K empoyees at least) - whether as an employee or consultant/contractor - within which functional area does the team responsible for Active Directory commonly fit? How is it commonly called? "Active Directory"? "Directory Services"?
Thanks - Gabriele.
List info: http://www.activedir.org/List.aspx
This message has been scanned for viruses and is believed to be clean.
#####################################################################################
This message has been scanned for viruses and is believed to be clean.
#####################################################################################
----------------------------------------------------------------------------------------
Please Note:
The information contained in this email message and any attached files may be confidential and subject to privilege. If you are not the intended recipient of this message, privilege and confidentiality is not waived or lost, and you are not entitled to use, disclose or copy it in any way. Opinions expressed in this message are not necessarily those of the Department of Building and Housing. The Department does not accept any liability for any technical opinions offered. While we use standard virus protection software, we do not accept responsibility for viruses or anything similar in this email or its attachments, nor do we accept responsibility for changes made to this email or to its attachments after it leaves our system. If you have received this email in error, please notify us immediately by reply email and delete the original and any attachment(s). Thank you.
----------------------------------------------------------------------------------------
| | | |
| idarryl
Posts:14
| | 04/02/2012 3:32 PM |
| I just finished working for a European Government organisational where I
was the AD guy within the Identity and Access Management team within the
Operational Security department.
The reasoning was that we managed all identities (or the delegation), and
access to all resources throughout the organisation, regardless of the
underlying service.
....2c
~
Darryl Shiels
On 1 April 2012 22:14, Robert Singers <Robert.Singers@xxxxxxxxxxxxxxxx> wrote:
> I have worked for an organisation where the Exchange team became the
> defacto owners of Active Directory. The reason is quite logical, Exchange
> is the most prominent business facing aspect of Active Directory, so that
> was the team that the business was willing to fund.****
>
> ** **
>
> *From:* activedir-owner@xxxxxxxxxxxxxxxx [mailto:
> activedir-owner@xxxxxxxxxxxxxxxx] *On Behalf Of *
> jeremy.miller@xxxxxxxxxxxxxxxx
> *Sent:* Saturday, 31 March 2012 7:08 a.m.
> *To:* activedir@xxxxxxxxxxxxxxxx
>
> *Subject:* Re: [ActiveDir] [OT] - AD/DS team in an IT organization****
>
> ** **
>
> Directory Services is a subset of the Windows Server group at my current
> company, with only a couple of people on that team actually focusing on AD.
> At my previous company, we were the Messaging and Directory Services
> group. If you are an Exchange shop, I think it makes a lot of sense to
> combine Directory Services with Messaging because of how much Exchange
> relies on AD. Identity Management is definitely something that could be
> included in that group as well.
>
>
>
>
> From: Joe McNicholas <joe@xxxxxxxxxxxxxxxx>
> To: "<activedir@xxxxxxxxxxxxxxxx>" <activedir@xxxxxxxxxxxxxxxx>
> Date: 03/30/2012 01:52 PM
> Subject: Re: [ActiveDir] [OT] - AD/DS team in an IT organization
> Sent by: activedir-owner@xxxxxxxxxxxxxxxx ****
> ------------------------------
>
>
>
>
> On my org (30,000 staff) we are the Directory Services team. Was recently
> asked to change to Identity Management team.
>
> Sent from my phone
>
> On 30 Mar 2012, at 08:42, "Gabriele Scolaro" <gabro@xxxxxxxxxxxxxxxx<
> mailto:gabro@xxxxxxxxxxxxxxxx <gabro@xxxxxxxxxxxxxxxx>>> wrote:
>
> Based on your experience in medium/large orgs (say 10K empoyees at least)
> - whether as an employee or consultant/contractor - within which functional
> area does the team responsible for Active Directory commonly fit? How is it
> commonly called? “Active Directory”? “Directory Services”?
>
> Thanks – Gabriele.
>
> List info: http://www.activedir.org/List.aspx****
>
> ****
>
> This message has been scanned for viruses and is believed to be clean.****
>
>
>
> This message has been scanned for viruses and is believed to be clean.
> **
> *
> ------------------------------
> Please Note:
> The information contained in this email message and any attached files may
> be confidential and subject to privilege. If you are not the intended
> recipient of this message, privilege and confidentiality is not waived or
> lost, and you are not entitled to use, disclose or copy it in any way.
> Opinions expressed in this message are not necessarily those of the
> Department of Building and Housing. The Department does not accept any
> liability for any technical opinions offered. While we use standard virus
> protection software, we do not accept responsibility for viruses or
> anything similar in this email or its attachments, nor do we accept
> responsibility for changes made to this email or to its attachments after
> it leaves our system. If you have received this email in error, please
> notify us immediately by reply email and delete the original and any
> attachment(s). Thank you.
> ------------------------------
>
> *
>
| | | |
| sl
Posts:114
| | 04/02/2012 11:25 PM |
| I see a problem with such approach: opsec unit usually doesn't have
operational accountability for applications that utilise directory
services via LDAP, Kerberos or any other interface; they are also walled
out of infrastructure support, resulting in all kinds of inefficiencies.
Yet this is a government agency you're talking about, so - no surprise
there.
regards
Slav
On 3/04/2012 12:30 AM, Darryl Shiels wrote:
> I just finished working for a European Government organisational where
> I was the AD guy within the Identity and Access Management team within
> the Operational Security department.
>
> The reasoning was that we managed all identities (or the delegation),
> and access to all resources throughout the organisation, regardless of
> the underlying service.
>
> ....2c
>
> ~
> Darryl Shiels
>
| | | |
|
|