We are rural ISP provider serving 6 exchanges with broadband Internet, TV and phone services. We also provide IT services to other internal affiliate companies for their corporate IT needs. Overall we are a company of about 400 users across 30 sites on the west coast - 9 different identifying companies with several different business continuity needs.
Our current challenge with AD is 3 fold. Our active directory environment is the result of past administrations lack of organization, mis-management and planning - not to mention lack of of addressing business continuity requirements
1. Baggage - We have hundreds, if not thousands of AD objects that simply are not needed and serve no function. Some are disabled, some are enabled, but most are simply scattered about with no real purpose. We have entire OU structures built that *appear* to serve no real purpose. The challenge is to safely identify and purge what serves no purpose, but also identify what is actually needed.
2. Organization - In addition to OUs, computer objects and user objects scattered about, the underlying issue is there is no real organization or business continuity structure to an end - The goal is to not just "clean things up" but to provide some structure that anyone coming into our environment could learn and understand quickly.
3. Automation - Everything we do in AD currently is a manual process. User creation, email account creation, account retention/deletion is all handled manually by an IT staff member - including drive mappings and employee information. We would like to build as much automation as we can - so a majority of AD manipulation does not need manual interaction from IT. We really would like to streamline as many procedures as possible - with the goal not only to free up IT time, but to make business continuity more transparent and more seamless from a work-flow point of view.
The other part of automation I see is from a self-service perspective. HR, managers, and even users I would like to see more a "help youself" direction, as long it is done in a secure fashion. I think that self-empowerment is a must in todays technical landscape and I feel today IT is relied on not just for technical help, but many day-to-day processes that don't neccessary need to be in IT hands.
Adaxes helped us take back our AD environment. We now have a organized structure with full visibility of what user accounts have what rights and also who all has AD delegation permissions. Custom scripting and power shell pulls are rarely need any longer to pull data out of AD. User accounts and mailboxes are now automatically created by our HR team and IT is rarely involved. Adaxes helped us solve the problem of "wild west" AD syndrome - that is now we have secure and official AD policies to manage our environment. Only users who need permission to do a particular task, have rights and it is able to be clearly communicated with Adaxes. The other big issue it fixed for us the automation and actual manipulation of AD. Now we have custom web forms that automatically provision and de-provision accounts. It helps us helps the company manage the organization!
With Adaxes, it's hard to quantify exactly who much time it is saving us, but I estimate between 8-12 hours a week in administration time and another 12 in help-desk time. HR now has the ability to handle provisioning and de-provisioning by themselves and IT has made huge gains in tranparency so "we" aren't the only one's who know how things are setup (groups, permissions, etc.). With the self-service password reset feature, our users have avoided having to call in the helpdesk and can now confidently work remotely during off-hours without the stress of having to call the on-call tech. It has given our HR department, our users and our managers a sense of ownership and buy-in into IT processes and procedures once heralded in secrecy.