Monday, July 14, 2008

Active Directory management

AD data is stored in a central, organized, accessible database. Active Directory networks can vary from a small installation with just a few hundred objects to millions of them. It is a key component when it comes to managing very large networks.

Their manager calls the help desk, which calls IT support to action the changes in AD. Once these are made, the manager is notified that the user has been set up. This can take hours, sometimes days. Not only does this process tie up IT with mundane admin chores, but it can mean that staff can't be productive during this hiatus. The other side of the coin applies equally - you can't remove a user's access rights immediately.

Active Directory offers a cost-effective solution. It neatly overcomes these AD admin headaches by effectively delegating AD object management to line managers. If changes have to be made, managers can make them on the spot, with changes going live in as little as ten seconds.

Active Directory uses a web-based AD management interface - it can be installed quickly through a company's internal network as there are no desktop clients to install, and the familiar web-browser user interface cuts the need for training. In fact, it's so simple and intuitive that most staff probably won't need any training.

Active Directory provides granular access control to entrusted staff with no limitations. Once logged in, you're presented with a home page offering just three options: update access, view access groups and view audited history. Changes to the AD are made via a wizard. A search option is provided, useful if you have thousands of AD objects to contend with.

When you have finished making your changes you simply click the "update all groups" button and it's done.

Paperwork is kept to a minimum. Changes to working practices and user privileges are managed through workflow emails. As well as greatly simplifying AD admin for both line managers and IT support staff, security is also improved by automating a usually manual security process. All Active Directory updates are logged to allow for auditing, which is essential to meet compliance standards.

In fact, Active Directory management can be standardized worldwide and can be used as part of the enterprise's Quality Management. The audit history option on the home page lets you view log information by group/role, date or user. Data can be downloaded and displayed in Excel.

Although Active Directory is a standalone product and doesn't integrate with other network management tools, its web services programming interface (API) will allow the integration of separate systems. As a result, Active Directory can complement existing identity management or account provisioning solutions. At the moment, Active Directory can support up to 100,000 users. System prerequisites include Windows Server 2000/2003, IIS 6, .NET Framework 1.1, an SMTP e-mail server and MS SQL Server, either 2000, 2005 or Express 2005 - most organizations contemplating deploying Active Directory will most likely meet these criteria from the off.

Installation is a doddle - in fact, if you spend more than ten minutes on it, you're probably doing something wrong.

In conclusion, Active Directory is an AD management tool that's well-suited to organizations with more than 300 seats, as well as to managed-data centers looking for a painless and secure method of passing security management tasks back to the client.

Source: securecomputing.net
