Outsourcing Active Directory Server. Is it Possible? Is it Practical?


Our company is a fairly small shop. Nonetheless we want to "do things right," and part of that means implementing Active Directory.

However, we don't have the budget for a full-time system administrator to manage it for us.

I was wondering:

  • Is it possible to outsource management of our Active Directory server to a third party?

  • Is it practical to outsource management of our Active Directory server to a third party?

  • How secure would it be? For example, in the case of a password reset, what measures would a service provider implement to ensure that the requester is who they say they are?

  • As I've read in other posts here on Server Fault, hosting an Active Directory Server off-site is not a good idea. However, if the server is at our site, how would the provider manage it without having to physically visit our site every time?


Best Answer

It's an interesting one. As mentioned above, there are plenty of solution providers / systems integrators that will do this sort of thing for you. However, you need to really consider what you are trying to achieve.

In the case of Active Directory, it's the core technology that underpins four very important things:

  • Access Control (who can log on and who has what privileges, etc.)
  • Corporate Directory information (optional use, but AD can be your corporate directory of user info, departments, staff hierarchy (managers, subordinates), telephone numbers, etc.)
  • Group Policy (central configuration of corporate PCs)
  • DNS (name resolution of friendly names to IP addresses)

So, it's important. But, once designed, installed and configured, it's a very low-maintenance bit of infrastructure. As long as you have at least two domain controllers (the servers that host AD), and they are being backed up, you don't really need to touch it. That's the technical side of AD.

The operational side is more labour-intensive, but this is only proportional to your head count and staff turnover. For example, someone needs to:

  • Create users when new folks join the company
  • Reset passwords when people forget them (although this can be delegated to non-admins)
  • Keep on top of access control (add/remove people to/from groups as their access needs change, e.g.: change of job role)
  • Remove users when they leave

If you have Microsoft Exchange, you'll also have mailbox provisioning to think about.

So, the fact that it's such a fundamental bit of software in terms of corporate security and integrity can make the decision interesting. Plus, the day-to-day operational bit (the non-techie bit) might make an outsourcing option too expensive.

You might be able to find some middle ground, e.g.: have a Microsoft partner do the spec, install and configuration, plus create some basic "operations manual" for someone in the business.

Lots of stuff to consider.
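
The answer notes that password resets can be delegated to non-admins. The following is an added example, not part of the original answer, showing one way to grant a helpdesk or provider group only the rights a reset needs on a single OU and then check what that group actually holds. The OU path and group name are constructed placeholders, and the script assumes the RSAT ActiveDirectory module and `dsacls.exe` are available.

```powershell
# Assumed names (constructed for illustration): adjust to your own domain.
$StaffOu  = 'OU=Staff,DC=example,DC=com'        # OU holding ordinary user accounts
$Delegate = 'EXAMPLE\Helpdesk-PasswordReset'    # group for in-house staff or the provider

Import-Module ActiveDirectory

# Grant only what a password reset needs, inherited to user objects below the OU:
#   CA;Reset Password - the "Reset Password" extended right
#   WP;pwdLastSet     - lets the operator force "change password at next logon"
#   WP;lockoutTime    - lets the operator unlock a locked-out account
$grants = @(
    "${Delegate}:CA;Reset Password;user",
    "${Delegate}:WP;pwdLastSet;user",
    "${Delegate}:WP;lockoutTime;user"
)
foreach ($g in $grants) {
    & dsacls.exe $StaffOu /I:S /G $g | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for '$g'" }
}

# Verify: read back every ACE the delegate group now holds on the OU.
# 00299570-246d-11d0-a768-00aa006e0529 is the rightsGuid of the
# Reset Password (User-Force-Change-Password) extended right.
$resetGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$aces = (Get-Acl -Path "AD:\$StaffOu").Access |
    Where-Object { $_.IdentityReference.Value -eq $Delegate }

$aces | Select-Object ActiveDirectoryRights, ObjectType, InheritanceType |
    Format-Table -AutoSize

# Anything broader than the three grants above is a finding to investigate.
$broad = $aces | Where-Object {
    $_.ActiveDirectoryRights -match 'GenericAll|GenericWrite|WriteDacl|WriteOwner'
}
if ($broad) { Write-Warning 'Delegate group holds broad rights on this OU.' }
if (-not ($aces | Where-Object { $_.ObjectType -eq $resetGuid })) {
    Write-Warning 'Reset Password ACE not found; check the OU path and group name.'
}
```

Accounts in protected groups such as Domain Admins do not inherit OU permissions (AdminSDHolder resets their ACLs), so a delegation like this does not extend to administrator passwords. Re-running the verification half on a schedule gives a simple check that the delegated group's rights have not grown.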