Active Administrator provides organizations with a quick, consistent way to assess security and delegate roles. In addition, organizations can set expiration dates for users with temporary roles, restrict usage of Active Administrator features, and report on the state of AD security.
Create and manage sets of permissions with Active Templates
Active Templates allow you to quickly create and manage sets of permissions to be applied to objects in Active Directory. Unlike the Delegation of Control wizard, any changes made to security using Active Templates can be repaired or removed. Simple graphical indicators allow administrators to see where the templates are applied and the status of each. Custom templates can be made and standardized easily.
Assess the security of your Active Directory
You can quickly assess the security of your Active Directory structure with the Security viewer. It provides a hierarchical view of the containers linked to a domain controller, the objects stored within those containers and all associated native permissions. You can also see where Active Templates are applied, filter for inheritance and view group members.
Find AD objects and their associated permissions quickly
You can find AD objects and their associated permissions quickly with Quick Search. You can find AD objects or find permissions associated with a particular AD object, with filtering in the search by accounts, access types, generic rights and more. You can also search for an AD object and take action from the same screen.
Make permissions expire automatically
When you apply a permission with Active Templates, you have the option of expiring the permission on a specified date. This is feature is useful and convenient for temporary workers, contractors or auditors who need limited access.
Create and manage password policies
The Windows Server 2008 operating system provides a way to define different password and account lockout policies for different sets of users in a domain. Active Administrator leverages this technology with a simple interface for creating and managing fine-grained password policies. You can create, edit and delete policies and link them to users and groups in Active Directory.
Restrict use of Active Administrator’s features
You can restrict usage of Active Administrator’s broad feature set, which is especially useful if your organization delegates Active Directory responsibilities among different team members. For example, you could restrict the recovery features from all of your junior administrators (or contractors). These junior administrators would be unable to access the recovery features because the features wouldn’t be displayed for them. You can also set delegations to expire automatically on a set date.
Get the security reports you want
Active Administrator provides exportable reports that focus on the security of Active Directory. You can see how many of a particular object class are stored within a container, which permissions are delegated to an object and its child objects, and which Active Templates are applied to a particular object.