Active Directory is one of those technologies that the business really has no real visibility into. It's like the man behind the curtain, authenticating people, giving them access to various resources, and trying other systems together. From the business perspective, you only really interact directly with AD when you log onto your computer, or need to change your password.
That is until you implement SharePoint.
For a long time AD has been relegated to the back office and fell squarely on IT to maintain and organize how they saw fit. That is still largely true; however, SharePoint changes that a bit by exposing more of AD to the general business, albeit still somewhat indirectly. How AD has been, or not been, maintained will have an impact on your SharePoint project in some big ways.
MySites and People Search
First and foremost is the impact AD will have on MySites and People Search. Just like other Microsoft enterprise applications, AD ties into SharePoint in some deep ways. One of these ways is the synchronization of profile data from AD to SharePoint. This profile data comes from the AD object for a given user and contains information such as name, job title, phone, manager, office location among others. This information is then surfaced in the user profile and exposed for people to see and use. This is where the next tie comes in. This profile information is then used in People Search to find people by name, job title, location, etc. In large organizations this is a great way to create a centralized people directory, and allow people to find others within the organization. However, the information kept in AD is usually out of date, missing, or otherwise incomplete.
However, all is not doom and gloom, but it does require several parties to get together to create a workable solution that’s best for the organization. For example, you may need to pull in the right people from HR, who generally control the most up to date and accurate demographic information in another system, with those from IT to come up with a solution for updating AD in the most effective way possible. Be warned: in most cases this will be no small task, so allowing plenty of time for these discussions and showing "what's in it for me" with both groups will be key to moving forward.
Remember that MySite profile from earlier? Well, it too can be used to update Active Directory. The mere mention of this can send IT running for the hills, but if taken in a practical approach, can be a great self-service method of getting select data points updated. We tend to start small, with something innocuous like Cell Number, to show the concept and how it can be applied to other fields. Obviously there will be fields that you won't want to change, like Manager or Job Title, but others can be done with little risk. The added benefit to keeping AD updated is this will also update the Global Address Book in Exchange/Outlook so it too will have a complete and up to date profile for each user.
Security
Next on the list is security. At its core, AD is used to manage security across the enterprise, and SharePoint falls into that bucket as well. The challenge here is often the AD structure may have been setup with managing access and permissions to file shares and other resources, which doesn't always translate well into securing SharePoint. Microsoft guidance on this is to place Active Directory security groups into SharePoint groups and manage group membership in Active Directory. This works great when the AD structure is there to support it, and can quickly devolve into a security quagmire in SharePoint when it's not.
In my experience, getting the AD security model updated to better accommodate SharePoint can be the trickier of the AD dilemmas. This is largely due to the various systems that already reply upon the existing structure for security. Allow plenty of time for discussions on this thread. The sooner in the project security and AD are started, the better.
The best recommendation here is to ensure the involvement of IT from the beginning. As discussed on the prior post, keeping IT in the dark on your project could lead to challenges, this being one of them.
To learn more about configuring and maintianing your SharePoint intranet, talk to one of our consultants today!
