Goodbye AD
A developer where I used to work (sub prime mortgages, 2008) was working on a portal that stored user information in active directory inside a DMZ (it was a weird architectural decision made by an idiot IT Ops manager trying to be an architect). The developer, let's call him Roger because that was his name, had written a fairly useless function to delete the entirety of AD.
1) Why was he making a button to do that?
2) Why did he even have the permissions to do stuff like that on a wholesale basis?
Anyway one Friday afternoon at around 5pm he tested the button, as a good developer does, on the live system, like a bad developer does.
3) Why was there no dev/cert/test environment?
4) Why even test a function that nobody asked you to make?
He then got a bit embarrassed and waited about 15 minutes before telling the operations guys. This happened to be exactly the time interval between replications from the main site DMZ to the DR site. Consequently the replication wiped out all the objects there too.
He then went home.
5) Why was he ever allowed back in the building?
The story had a happy ending because we recovered from an hourly ntbackup to disk in under an hour but it didn't do much to cement the ops/dev friendship.
Biting the hand that feeds IT
