Active Directory (AD) is the heart of authentication within your organization. Without it, the varying levels of authentication required for your users to access corporate resources would prevent them from doing their jobs. AD allows your users access to their computers, desktop, network, and other domain-connected resources. So regardless of the size of your organization, there are typically A LOT of objects in Active Directory to manage. This makes simplification of object management very important.
Organizationally, you are also likely to find that there is a team of individuals dedicated to certain aspects of the platform. For example, your desktop team may need access to clean up old computer objects from PCs that were not properly removed from the domain. There may be individuals dedicated to user creation, or separate people who are in charge of terminations. The point here is that, depending on the compliance/security requirements of your organization, there may be segregation of responsibility. That makes it absolutely imperative that those individuals only have access to what they need and nothing more, but even more important is how we can automate their workflows. Automation allows for more streamlined processes, simplifies the overall process, and reduces the amount of time required to complete the task.
What is the best way to approach these challenges? The answer depends on your organizational compliance/security requirements, but we will cover the many approaches that can be used to tackle the challenges of Active Directory management, and show you how to get started with a great 3rd party tool called Adaxes that will help you meet the security and Active Directory needs of your organization.
Management and Automation Using Native Tools
Before we dive into the value of 3rd party tools for automation, let’s take a closer look at what it means to do this natively. Active Directory comes with some role-based management that will allow for some segregation of rights, but it may lack the granularity your organization requires. That being said, it will get you started in the right direction if your Active Directory compliance rules around security are not overly strict.
Active Directory also has native toolsets that allow manual creation of user accounts and groups, application of Group Policy, and all the other fun things we can do in Active Directory. Some organizations also fully or partially automate some of their AD tasks using PowerShell scripts. Depending on the approach used, native tools can make the work mundane and repetitive, and any automation already in place will need to be revisited after an upgrade because of updated PowerShell cmdlets. With the right 3rd party tool for the job, your organization no longer needs to rewrite all the processes and scripts that were put in place for your previous version of Active Directory. Also important: with 3rd party automated workflows, vendor support will ensure the existing functionality still works even after a product upgrade to a newer version of Active Directory. This is an operational saving, because you will not be dedicating manpower to upgrading all of the processes and automation scripts that were built using native tools.
Now that we have a better understanding of what can be done with native Active Directory, let’s take a closer look at a 3rd party tool called Adaxes that can simplify and automate your organization's Active Directory tasks.
Set Up a New User with Adaxes Automation
By automating your organizational workflows, the responsibility that comes with compliance and security becomes simplified. Wouldn’t it be nice to automatically create your user's home directory, put the appropriate permissions in place, set up the mailbox, enable the user for Lync and enable their Office 365 account? Below is an example of a business rule that was set up to complete all of that automatically.
Set Up and Provision a New User with Adaxes
Or what if we could provision that user after creation so that it automatically creates the Exchange mailbox, enables an Exchange archive, creates the user home directory with permissions and mapping, activates their Office 365 account, stamps the user account with a created-by name and date stamp, sets their terminal services profile path and runs a PowerShell script for additional provisioning needs? This is all entirely possible through a simple GUI, which is shown below.
Deprovision a User with Adaxes
Sometimes users may choose to leave an organization, and in this case we would want to deprovision the account according to our corporate standards. Automation of these tasks is especially beneficial for global organizations with varying time zones. Even if that is not the case, this example ensures that the process is completed in a timely and automated fashion. For this example, the deprovisioned user is moved to a special AD OU, the account is disabled, the password is reset, the account expiration is adjusted, the description is changed, the home directory is deleted, the Lync and Office 365 accounts are disabled and licensing revoked, the mailbox is hidden, and the messages start being forwarded to their manager. This process would likely take a person about 30 minutes to complete manually, but would be completed automatically and in a short period of time through this 3rd party tool. An example of this rule can be seen below.
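For comparison, here is the Active Directory side of that deprovisioning sequence scripted with the native ActiveDirectory PowerShell module. This is an added example, not an Adaxes business rule and not code from the original article; the function name, the OU path and the account name are hypothetical, and the Lync, Office 365 and mailbox steps are left out because they need other modules.

```powershell
#Requires -Modules ActiveDirectory

function Invoke-UserDeprovision {
    # Hypothetical helper name. SupportsShouldProcess gives -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Placeholder OU for deprovisioned accounts; replace with your own.
        [string] $DisabledOU = 'OU=Deprovisioned,DC=example,DC=com',
        [switch] $RemoveHomeDirectory
    )

    $user = Get-ADUser -Identity $Identity -Properties HomeDirectory

    # Nothing below runs under -WhatIf or if the operator declines the prompt.
    if (-not $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Deprovision account')) { return }

    # 1. Disable first, so the account cannot log on while the other steps run.
    Disable-ADAccount -Identity $user

    # 2. Reset the password to a random value that is never shown or stored.
    #    Base64 of 32 random bytes mixes upper case, lower case and digits.
    $bytes = [byte[]]::new(32)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secret

    # 3. Expire the account now (assumed policy) and record who did it and when.
    Set-ADAccountExpiration -Identity $user -DateTime (Get-Date)
    $stamp = "Deprovisioned $(Get-Date -Format 'yyyy-MM-dd') by $env:USERNAME"
    Set-ADUser -Identity $user -Description $stamp

    # 4. Delete the home directory only when explicitly requested.
    $homeDir = $user.HomeDirectory
    if ($RemoveHomeDirectory -and $homeDir -and (Test-Path -LiteralPath $homeDir)) {
        Remove-Item -LiteralPath $homeDir -Recurse -Force
    }

    # 5. Move last: the move changes the distinguished name used above.
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOU
}

# Dry run against a constructed account name; no changes are made.
# Invoke-UserDeprovision -Identity 'jdoe' -RemoveHomeDirectory -WhatIf
```

Run it under an account delegated only the rights these steps need on the user OUs, in line with the segregation of responsibility discussed earlier.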
These are only a few of the use cases for automating AD user account provisioning; the possibilities depend on your organizational requirements and needs when determining the “Business Rule” design that will best empower your AD administrators. This leads to overall business success.
Looking to the Future
Active Directory and the organizational objects created in AD are vital to the functionality of daily business. Without Active Directory authentication we could not successfully complete our work. Automation of this work becomes critical to daily business function for administration of Active Directory objects, supports compliance requirements for security, and simplifies job functions. While there are both manual and native automation tools we can use, they are often very time consuming to implement and typically require additional rework with each future Active Directory upgrade.
To better support your organization for the long term, 3rd party tools should be considered. They allow your administrators to work smarter, simplify processes, and ensure your organizational security/compliance needs are being exceeded.
Sponsored by: Adaxes