As I mentioned in my previous post, I’m intending to write a series of new posts relating to some of the services/systems supported by the Core Services team. These aren’t going to be massive technical rants but more of a little taster for what each service does and a bit of info around how we look after it.
First on the list seemed a very obvious choice, given that it’s the main reason you haven’t seen many posts on here of late. For the last 18 months Core Services have worked intensively on designing and implementing a Microsoft Active Directory (AD) infrastructure. This project was undertaken so that we could finally move away from our ageing Novell eDirectory systems and ensure we were able to deliver a modern and efficient directory solution to support our Windows 7 migration and overall business needs as we move forward. It’s been a massive project and it’s likely to be another 18 months before it’s all done and dusted.
So what does Active Directory do then? Well, that’s a complex question. In its most basic terms, AD is like a large address book (or maybe the yellow pages) that holds information about our users and computers. We can then search this information to do any number of things, from authenticating users to determining permissions and groups. This is the sort of service that has a very low visibility to most users but is absolutely vital to our operations. Without it you wouldn’t be able to log in to any of the Windows 7 computers, map your network drives or access web-based services such as GO.
As you can imagine, this sort of service lies right at the top of the list in terms of priority for our team. Each of us probably spends at least some time every day working with AD in one way or another, maintaining the 40,000 user accounts and 2000 computer objects stored in our directory. Physically, Active Directory exists on 6 different Windows 2008 R2 Servers (Domain Controllers) which are split between the Durning and CMIST data centres. This provides us with the vital level of resilience such a key service requires and is part of our overall strategy of high availability (which I’ll talk more about in another post).
A lot of the work we do in AD is via the Active Directory Users and Computers interface. This is a really useful administrative tool and is used quite a lot by our department. If you have ever spoken to the Service Desk when you had a password problem, it was likely this tool they used to resolve it. We specifically designed our AD structure so that it was easy for us to manage. As a result, the staff are split up so departments and teams each have their own organisational unit (OU). While this doesn’t really speed up searching, it does make it a lot easier for us to control things like shared drive permissions and special user policies. You can see the AD Users and Computers tool with the structure of our team OU in the screenshot below.
Hopefully this has given you a bit of insight into one of the many back-end services we look after. As I’ve said before, it’s hard to know these services even exist if we never talk about them. They just sit in the background somewhere and we all run around like headless chickens when they break. Even then, if we’ve done our job properly you won’t even notice!