When LDAP happened, UNIX geeks loved it, and marveled at its simplicity, extensibility and power. All sorts of great applications sprouted up around it. From super smart mail gateways, to really granular management systems, there was a way to leverage LDAP to make building software better, and network and application management easier.
You can't put the AD service in debug mode, and expect to get any kind of logging from it at all. There are management tools that can tell you things about what has failed, but not why.
Repeatability:
While there are sets of rules about what to do to make things work, some of those can be bent, others can be broken. There's no set of instructions that says - for <function X> to work every time, here is how to configure AD for <function X>. This is a problem because different IT knowledge will say configure it one way, while other knowledge will say something different. It gets sloppy quick. Without a clearly defined process and procedure of who can do what, and how to do it, you can end up with a giant mess of hairy gunk that can't be managed effectively, if at all. When configuration knowledge is tribal, you'll never have repeatability.
AD Does not fail gracefully:
When things do go wrong, they usually happen in the most unpredictable of ways. We made a policy inactive once that caused Outlook to get uninstalled from everyone's computer. Outlook was installed as part of Office. So, I would understand if the entire Office suite was uninstalled, but this policy did something completely unexpected.
Understand that there is no line between Group Policy, and AD:
They are symbiotic. Both depend upon each other. It is this complexity that I think is the real stem of the problem. GP can't make sure that it is configured correctly, because all its configuration is stored in AD, and GPOs only have an understanding of themselves, not the directory in which they live. There seems to be a very mapping from GPOs to OUs in AD, but that is the extent of that.
There are no built-in reporting tools. Do you want a nice, comma-delimited list of what users are in the Marketing Group? Good luck with trying to get it out of AD directly.
You know that guy in Office Space, the one who wants his red Swingline back? I think that is the guy in Microsoft that understands Active Directory. MS has got him locked in the basement. He could address all these concerns, he can tell you how AD works. Support engineers that you reach at MS to get help? They don't have a clue.
You remember those days... I know you do. When you took your parents' TV apart? Or that time when you plugged the VCR video into the left channel input of your dad's stereo?
The times when you were trying to learn how things worked. These were instructive efforts for you, not wasted, or costly, whatever your parents might have thought.
The innovators of our modern period did not create their magical devices by starting from scratch. They stood on the shoulders of giants. They used working technology, took it apart and re-assembled it in a new way, to give us what we now call iPhones and iPads, and Android devices. They are the great tinkerers of our time.
There is a problem with these devices that needs to be addressed. They are not, by themselves, tinker-able. The children of today that we expect to be the great innovators of tomorrow cannot do what current innovators have done. Tinkering and taking things apart is important lastly for learning how things work; it is important to help children create a model of the world where it is OK to take things apart. It is OK to twiddle all the knobs you see. Most important is that it is OK to fail. This should be learned earlier rather than later in life.
The iPad is frustratingly difficult to take apart. Most of the modern gadgets that we covet today do not promote an ease and accessibility for the tinkerer. Legislation like the DMCA, and the "analog gap" issue, only further frustrates people who are trying to innovate. Hardware in modern gadgets is too highly integrated. Software and production techniques are wrapped in patents and commercial protection that prohibit taking apart, or reverse engineering.
Fostering innovation takes more than just better science classes. Children that will be the innovators of tomorrow must have the freedom and willingness to take things apart, and twiddle all the knobs they can see. This takes more than just science classes. It must be possible to take a TV apart, and get something from that experience - something more than just frustration, or a lawsuit.
When faced with the stumbling blocks presented by these devices, the pragmatic response is to change the device, either by replacing it with something that meets the need, or by re-engineering. What response do you think children of today will have to gadgets they can't take apart and repurpose? How will they channel the frustration that they have over the closed ecosystems that we are creating?
Innovation does not stand still. It, like nature, will find a way. Recent developments do not promote modern tinkering. They are too highly integrated, or wrapped in so much DRM that their usefulness is limited to the device in and of itself. The innovators of tomorrow will do the same things that the innovators of today have done: they will steal, hack and reverse-engineer. Being given this capacity earlier rather than later will only promote these skills, which are so important to building new things in the future.
This post was inspired in part by my frustration, but more by others who are doing something about this. Check out ifixit.org and the good people over at build-it-yourself. I found this TED talk from a guy who runs a tinkering school. He seems to have his head in the right place.
I've been taking our archives of the old site, and building a new section of the site that has all the archive material - as much as we have anyway...
So, I have a bunch of material on my servers here in the basement. But, about 5 years ago, Ian brought over one of the old geekforce servers. It's a custom geekforce server running BSD. We spray-painted the case red.
Tomorrow, job 1 is firing that thing up, and getting it on the network.
BSD single user mode, here I come!
Update on Sat, March 24, 2012 at 11:24 AM by David
So the Big RedBox boots up, and it was pretty easy to log in to it, considering the root password was written in Sharpie on the case!
There is a TON of archive material on this machine.
I'm taking photos as I go, and will be posting them.
There is a lot of archive material on this machine. So incorporating it is going to take some time.
We use a Host/CMS in-a-box called Squarespace. One of the things I don't like is that I can't just upload a ton of HTML, and have it all work. It's got to live in a Squarespace template. I'm hoping that since I will have created the pages, I can edit their template, and voila.
The Big RedBox speaks AppleTalk! So, I should be able to see it upstairs, but this has not really been a priority right now. There are OLD files on this machine...
Update on Wed, March 28, 2012 at 9:15 PM by The Geekforce
As an additional aside, this server runs a homemade Apache binary, and the web server's runtime user name is 'steven'.
One of the most powerful and flexible administration tools that Microsoft has released is PowerShell. PowerShell is also a dense, confusing, and hard to learn scripting language. I was having trouble wrapping my head around it, and then I found PowerGUI. PowerGUI is a collection of scriptlets, add-ons, and most importantly, a graphical user interface, scripting tool and syntax checker. The free (!!) version is very powerful; combined with the other free (!!) add-on packs, there is something there for just about anyone who works with Active Directory or more than two machines running a Microsoft OS. I use it every day to manage the machines that I deal with. It's the easiest way I have found to perform Active Directory management, gather information about remote machines, and much more. Enjoy.