(This post was written a while back and has been held up in drafts)
Yesterday (29-5-2009), I was at a customer that had 400 users, yet 1,300 active accounts in AD. And these were not stray/orphaned accounts, but those used for actual services. One thing they’re not aware of is a new type of object in AD called Managed Service Accounts. Regardless, even having that many accounts for so few users is alarming.
They definitely need a better management strategy for managing all those accounts because there’s simply no way to properly keep up with these accounts. We’ll be working with them in the coming months to help them deploy out Quest ActiveRoles Server to start getting some of this under control and I’m sure it will be a sea change for them once they get a handle on that tool. I’ll try and keep this site posted on what they do.