Active Directory: When working in Active Directory, is patience a virtue?

Have you ever just been starring at your computer saying, “Come on already!”  Or, “if you don’t hurry up, I am getting out a soldering iron and converting you into a toaster!”  No?  Are you lying to me? Am I just impatient?  Well, if I am, I am not alone.  However, experience has been kind enough (read: I am still alive) to teach me that sometimes, it just takes time.

In general, patience is hard learned in computer work.  I remember coming up with the Starbucks rule.  When creating VPN changes, make your changes and then go to Starbucks; when you get back it will be working.  When it comes to Active Directory, it is actually worse.  Patience isn’t needed just to get the things working: patience is required so that Active Directory isn’t damaged by troubleshooting.

You see, when doing Active Directory work, you sometimes need to slow down.  Why?  It all takes time.  KCC, time synchronization and replication over however many links data has to go across. This is just how Active Directory works since it is a multi-master system.  And before anyone gets any ideas… yes, we all want it to be a multi-master system and accept this as normal.

As a general rule, when doing a major Active Directory project, work at the pace of the slowest task.  Let the changes matriculate. They need to.  In fact, over time it appears that once everything is done and complete… give it a good twenty four hours and then double check it.

Twenty four hours?  Am I insane? Nope.

Take the time and validate that the changes matriculated.  Why?  You see one of the biggest pains in Active Directory is when you don’t realize your environment has some KCC, replication or time errors… and the changes you think went through… didn’t. This does happen.  So don’t rush it.

When you rush it, you make mistakes.  Like not backing up every domain controller when doing a domain transitions or not documenting the changes you are making in a migration. Take the time that the job actually requires.

Oh, and since you’re now taking the time to do it right, how about we all try and  remember to finish the job.  Active Directory projects are left incomplete with epic proportions. Take the time, and finish it. Really finish it.  Yes, even fill out sites and services.  It is all important and makes it easier for those who come after you.

When working with Active Directory just take it methodically.  Then make sure the replication is done.  Rush and you may make a mistake and end up rebuilding your forest.


