Everything You Ever Wanted to Know About Active Directory Management and Security but Were Afraid to Ask

A little while back I was reviewing anecdotal stories from some of our One Identity solutions customers. I found an alarming theme across a number of them. Alright it was alarming for these customers but encouraging for me and the IAM solutions I represent. I found that a high number of customers that were undertaking an enterprise IAM project found themselves bogged down in the minutiae of managing and securing Active Directory (AD) and getting AD to play nicely with their “enterprise” IAM platform.

Active Directory is ubiquitous. It’s everywhere and has such a stranglehold on the network, that when AD goes down, mutiny often is the result. AD deserves this position – it’s an awesome directory and solved one of the age-old problems of client/server computing – creating a unified authentication and authorization experience across multiple mission-critical applications and systems. But AD is also notoriously difficult to manage and secure. Since management and security are the purpose of an IAM framework, integrating AD with the framework is a priority. Unfortunately, for many of these customers the amount of time, effort, and money required to “get AD right” prohibited them from enjoying the benefits of enterprise IAM.

Fortunately, the customers I looked at were able to undertake a few simple steps that overcame these challenges.

  1. Implement an AD-optimized administrative tool to remove the requirement to custom-build the necessary functionality into the framework
  2. Extend the goodness of AD to non-Windows systems that can take advantage of AD-based authentication, group management, and authorization
  3. Once AD is under control, focus the enterprise IAM efforts on the next most important system…whatever that may be

Of course I wouldn’t be telling this story if it didn’t have a happy One Identity ending.

One of the key components of our IAM portfolio is precisely the solution described above. Active Roles (formerly Quest ActiveRoles Server if you’ve been following our solutions for a while) is a proven AD management and security tool that does all of the heavy lifting required to keep AD under control and out of danger. It integrates with existing or planned enterprise IAM solutions (including our own One Identity Manager) and can be extended to a number of non-Windows systems through our AD bridge solution.

Even if “enterprise” IAM is not on your immediate horizon, the benefits of Active Roles are compelling just to automate the cumbersome and error-prone AD administrative tasks that bog down so many IT departments.

We have a white paper called “The 12 Essential Tasks of Active Directory Domain Services" that details exactly what Active Roles does, and why it is such an important tool to overcome this obstacle to successful IAM.