New Job - AD is a mess. Is this normal

Posted by Auno94@reddit | sysadmin | View on Reddit | 136 comments

Hello,

I switched employers and in both my previous ventures the AD was more or less fine. Both in terms of Users/groups and file permisssions.

My new job hasn't deleted any group, or user in the last 7 years, they have onboarded and never correctly offboarded tools to "fix" their mess and only ever made it worse.

While I am in the process of getting a proper audittool for it (perhaps Netwrix Auditor) my question is. Is this "normal" as in was I just lucky that we implemented processes to kill unneeded AD Objects and offboarded stuff AD wise in a decent way?

Company is around 350 people big and before I started cleaning up it had (roughly)

2300 user accounts

3000 Groups

200 Service accounts