Tuesday
Mar 18, 2008
Vendor without a clue.
Tuesday, March 18, 2008 at 09:10AM
It truly frightens me that in 2008 there are application vendors out there who claim that their products integrate with Active Directory, and yet have so little understanding of the service with which they claim to work hand-in-hand.
A few gems from [Vendor name withheld to protect the lives of the innocent] documentation that I'm marking up for an afternoon meeting:
(All emphasis and comments mine.)
- "Because the global catalog does not contain all of the attributes, configuring the AD authentication provider to look at the GC may not always be a feasible solution." ...the hell? I mean, who gets paid to actually write that?
- "In an ideal environment, the password of the user account used to extend the Active Directory schema would never change...Recommendation: it would be ideal if a Vendor user account was created with Schema Admin rights, with a password that is set to never expire." In what universe is that an ideal environment? Unless by 'ideal' you mean 'happy utopian parallel universe in which everyone loves each other, malicious users don't exist and nobody ever dies.'
- "Before configuring your Microsoft Active Directory Server for use with Vendor products on Windows 2003, a modification must be made to Active Directory in order to allow anonymous access to the directory server. This was the default behaviour for Windows 2000." Yeah...and? There's a reason it's not the default anymore, and hasn't been for five frakking years!
This is going to be a really fun meeting.
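An added example, not from the post or the vendor's documentation: a small audit pass that flags two of the conditions quoted above, accounts sitting in Schema Admins (worse when the password never expires) and a dSHeuristics value that re-enables anonymous LDAP operations. The account names and the export layout are constructed for illustration; the `userAccountControl` bits and the seventh-character dSHeuristics setting are the standard Active Directory ones.

```python
DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit: password never expires
ACCOUNTDISABLE = 0x2            # userAccountControl bit: account disabled

# Constructed sample export (hypothetical names): members of Schema Admins
# with their userAccountControl values, plus the forest's dSHeuristics string.
SCHEMA_ADMINS = [
    {"sAMAccountName": "svc_vendor", "userAccountControl": 0x10200},  # normal, never expires
    {"sAMAccountName": "jdoe", "userAccountControl": 0x200},          # normal account
    {"sAMAccountName": "old_schema", "userAccountControl": 0x202},    # normal, disabled
]
DS_HEURISTICS = "0000002"


def anonymous_ldap_enabled(ds_heuristics):
    """True when the 7th dSHeuristics character is '2' (the Windows 2000 behaviour)."""
    return len(ds_heuristics or "") >= 7 and ds_heuristics[6] == "2"


def audit(members, ds_heuristics):
    """Return (subject, issue) findings for the export described above."""
    findings = []
    for m in members:
        name, uac = m["sAMAccountName"], int(m["userAccountControl"])
        if uac & ACCOUNTDISABLE:
            findings.append((name, "disabled account left in Schema Admins"))
            continue
        findings.append((name, "persistent member of Schema Admins"))
        if uac & DONT_EXPIRE_PASSWORD:
            findings.append((name, "Schema Admins member with non-expiring password"))
    if anonymous_ldap_enabled(ds_heuristics):
        findings.append(("dSHeuristics", "anonymous LDAP operations enabled"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit(SCHEMA_ADMINS, DS_HEURISTICS):
        print(f"{subject}: {issue}")
```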
Reader Comments (1)
Not in my forest you don't!
But seriously, it is one of the most common audit findings when we run an AD Health Check - persistent service or user accounts in the Schema Admins group.