The main misunderstandings about AD/Active Directory:

 

1. The majority of Mongolian companies start to use AD just as a prerequisite for other Microsoft solution (for example for MS Dyn Nav). so that AD is considered just like part of other solution, not as a stand-alone very important security solution itself.

2. Other wrong common mistake – AD requires Microsoft licenses or that only licensed windows OS can integrated to AD. Piracy doesn’t have any direct impact on AD functionality (although not hotfixed and updated cracked OS can have problems even without AD).

3. Another mistake – AD is not free. Wrong. If you have licensed (or cracked 🙂) windows server you have already opportunity to implement AD

4. other mistake – AD is only for “big” companies. In my humble opinion even companies with more than 5 computers should start using AD. Especially if everyone in the country uses cracked OS and middle range consumer computer power exceeds SMB needs (so that you can use Hyper-V to utilize it power – see my post about Dell Optiplex as a affordable server for SMB).

5. other big problem is that many companies state using AD. But in fact they just installed (as side effect of MS Dyn NAV implementation and so on) and use only 1-2 % of it functionality. Or there are a lot of occurrences of improper implementation or misuse of AD so that sometimes it shocks.

6. Software Developers in Mongolia looks like completely ignore AD. Almost any homebred ERP or database application use only SQL authentication (for example Interactive), and there is no option to configure to re-use fundamental AD security to integrate own system with already existing corporate system.

7. poor state of SCS/Structured Cabling System in the majority of Mongolian companies makes AD implementation very problematic.

8. very often lack of theoretical and practical knowledge of AD leads to the overexpenditure of budget, technical and human resources. For example companies with many branches connected by VPN start mindlessly and mechanically create multi-domain structure without any visible reason.