I'm leading my team's end of an ongoing project to enforce data structure standards on multiple internal customers within USDA, as part of an IT centralization initiative. Because each of these agencies previously had their own IT staff, the way data access has been granted and administered varies drastically along with the folder structures themselves. This project's goal is to ensure that all data is handled in a standardized structure to assist with easy auditing and maintenance of file/folder permissions as well as to realign teams back to a "least permissions" model where previously some customers had a "most allowable" model. I'm currently the point person for five separate agencies (customers) who are at various points in this process.
This has been an interesting challenge because as a governmental organization, roles are very dispersed - there's no "full stack" admin team, each team has specific rights/roles. Most notably for this project, my access to manipulate objects in Active Directory is somewhat limited - I can't add or delete any groups or users myself, and I have only limited access to edit their objects. This has meant ensuring I maintain a good working relationship with the team that is responsible for doing AD object maintenance.
Another huge obstacle that I'm still working on overcoming is that each prior IT group had different ideas about how groups should be handled in AD and how permissions should be assigned. For example, one agency has no less than thirty separate shares in a situation where our standard would be perhaps two. Another agency's IT staff were utilizing OUs and GPP to handle file permissions, and now all the user objects got moved in Active Directory as part of centralization, so we're having to redesign to use AD groups for file permissions on a server where the permissions were basically wide open within their agency before.
This has also been my first real taste of how meeting-happy a large enterprise can be. I've worked before in large organizations, but not in a role where I was doing project work. There are whole weeks that go by where I feel like the only thing I accomplished was doing status updates in meetings that I haven't accomplished anything new because I was in other meetings.
More to come, I'm sure.