AD vulnerability patching
As with any complex software environment, Active Directory suffers a steady stream of vulnerabilities that need patching.
Years ago, this was an occasional hassle but has since turned into a mission critical nightmare that never seems to end because woe betide the admin who forgets to apply an important patch.
The cycle goes like this – patch, feel satisfied as a problem averted, and quickly feel that there’s something you missed. The sanity helpmate is to use a patch management system or, as a last resort, Windows Update or Windows Server Update Services (WSUS). However, the biggest hassle is that many patches need extensive testing and that can mean downtime. Once applied, everything – DHCP and Active Directory services – need to be tested again. This is why admins are worth the paycheck.