(Especially) If you work in a large company, then organization changes aren’t really anything new. Microsoft certainly isn’t an exception, but for the 5 or so years that I’ve worked here, the primary function of the team I’m on has rarely changed. Our team name changed, managers changed, people come and go, but for the most part the one thing that remained consistent was that our “org chart bubble” was moved as a whole and the teams remained intact.
For a bit of background, AD support in MS IT was divided between 2 teams. I was part of the core infrastructure team which owns AD, DNS, ADFS, DHCP, WINS, IPSec, IPv6, and several other “smaller” services that we would keep track of. Specifically for AD, we owned the domain controller configuration, replication, topology, performance, capacity planning, as well as being responsible for a large amount of the dogfooding work that comes around. Because AD is so widely deployed with high availability and redundancy, we’ve always tested new OS’s, fixes, etc.. on the DC’s first. In short, we were the “service owners”.
The other half of the AD support was the Identity Management Team. IDMT owned the account provisioning systems, MIIS, Schema, GPO’s, Trusts, etc… Basically, they were the “data owners” for the directory. For the past year or more, IDMT has been part of our corporate security organization.
Like Bob Dylan says, “These time they are a-changin'”
This most recent re-org has really shaken things up a bit. Rather than maintaining 2 separate groups for different functions, Microsoft IT now has a single Identity and Access Management team, which owns both IDMT and infrastructure functions for AD, as well as PKI, ADFS, and some other services. Whether DNS gets org’d with AD or remains with the core team is still up in the air.
Personally, I’m pretty excited about this change. For one thing, the director of the group is someone that I’ve worked for before, and am happy to work for him again. The combination of duties will help us align better with the way the AD product group is organized. But mostly, because I’ve always worked closely with the IDM Team and have a great working relationship, but when it comes down to it, they had their priorities and we had ours, and sometimes the two didn’t quite meet. Hopefully being in the same org, with the opportunity to influence (and be influenced) by each other will be good for everybody.
One thing that did occur to me through all this, is that I have talked to very few customers about the way that “they” are organized for AD support. I’m sure this varies from company to company, and can only imagine the enterprise type customers having an “AD team”, but I’ve started to wonder whether they split these duties or keep them together. If you see me at TechEd, or talk to me on one of our regular conference calls, and I’ll probably ask you about what YOUR org chart looks like. I’ve always felt that even though in several ways we’re not, that Microsoft IT should be representative of the customers. So in this case, I suppose it would be good to know what that means.