HP’s directory diet guru speaks

One of the anticipated joys of attending the Directory Experts Conference each spring is the presentation by HP’s Wook Lee, network infrastructure engineer, directory services architect and raconteur. (See here for links to Lee’s presentations over the past few years.) Lee manages to take important, yet dry and frequently mind-numbing, topics and, by using analogies and metaphors, turns them into an interesting presentation. This year’s was no different.

Lee’s topic was Active Directory Resource Forests and their uses. He broke this into two parts: Special Use Resource Forests and Tiered Utility Resource Forests: SURF and TURF. He wanted to make the point that while the use of resource forests is deprecated at HP (in favor of OUs [operating units]), there are times when the additional security of the extra forest comes in handy (such as with extranet partners or for standardization of delivery of services to a wide-spread internal organization). That’s hardly a topic that causes folks to get out of bed early to see the presentation, is it? But you need to get to Lee’s presentations early – both to get a seat and to see the introductory material. In this case, he drew an analogy between your IT department and the kitchen of a fine restaurant:

* CIO = The Chef de Cuisine

* AD Service Mgr = The Executive Chef

* AD Engineer = The Sous-Chef

* Project Mgr = The Expediter

* AD Architect = The Pastry Chef

* Operations staff = The Line Cooks

* The “rookie” = The Chef de garde manger

If you aren’t familiar with those kitchen positions, watch any “inside the restaurant” TV show, or visit CuisineNet to read all about it. Then see if that fits with your organization.

Lee went on to talk about “Directory Dieting” – best practices for consolidating servers (and directory structure) as HP goes from 85 data centers to just six!

The presentation was, as always, a tour de force, well worth the price of admission. I’ll leave you with Lee’s poetic offering of the conference, his “Ode to Identity Management”:

How do I know thee? Let me count the ways.

I know thee to the depth and breadth and height

My DIT can reach, when a DC is in site

At the ends of ideal Replication, no delays.

I know thee to the level of forest function,

2003, with new features, my delight.

I know thee freely, as admins have the Right;

I know thee newly, as they turn on automation.

I know thee with a ticket put to use

with server SPNs, and forest trust.

I know thee with the groups you seemed to lose

With filtered SIDs, – I know thee, now bereft,

disabled, end-of-life! – and, if tombstones choose,

I shall but know thee better after death.