Notice: will be retired soon. Please visit our new site at

Security & Delegation

Active Administrator provides organizations with a quick, consistent way to assess security and delegate roles. In addition, organizations can set expiration dates for users with temporary roles, restrict usage of Active Administrator features, and report on the state of AD security.

Create and manage sets of permissions with Active Templates

Active Templates allow you to quickly create and manage sets of permissions to be applied to objects in Active Directory. Unlike the Delegation of Control wizard, any changes made to security using Active Templates can be repaired or removed. Simple graphical indicators allow administrators to see where the templates are applied and the status of each. Custom templates can be made and standardized easily.

Assess the security of your Active Directory

You can quickly assess the security of your Active Directory structure with the Security viewer. It provides a hierarchical view of the containers linked to a domain controller, the objects stored within those containers and all associated native permissions. You can also see where Active Templates are applied, filter for inheritance and view group members.

Find AD objects and their associated permissions quickly

You can find AD objects and their associated permissions quickly with Quick Search. You can find AD objects or find permissions associated with a particular AD object, with filtering in the search by accounts, access types, generic rights and more. You can also search for an AD object and take action from the same screen.

Make permissions expire automatically

When you apply a permission with Active Templates, you have the option of expiring the permission on a specified date. This is feature is useful and convenient for temporary workers, contractors or auditors who need limited access.

Create and manage password policies

The Windows Server 2008 operating system provides a way to define different password and account lockout policies for different sets of users in a domain. Active Administrator leverages this technology with a simple interface for creating and managing fine-grained password policies. You can create, edit and delete policies and link them to users and groups in Active Directory.

Restrict use of Active Administrator’s features

You can restrict usage of Active Administrator’s broad feature set, which is especially useful if your organization delegates Active Directory responsibilities among different team members. For example, you could restrict the recovery features from all of your junior administrators (or contractors). These junior administrators would be unable to access the recovery features because the features wouldn’t be displayed for them. You can also set delegations to expire automatically on a set date.

Get the security reports you want

Active Administrator provides exportable reports that focus on the security of Active Directory. You can see how many of a particular object class are stored within a container, which permissions are delegated to an object and its child objects, and which Active Templates are applied to a particular object.