Whenever I speak to Active Directory (AD) administrators, the conversations are remarkably similar. Almost every admin I speak to is interested in sharing or learning best practices around some area of AD (e.g. delegation, change auditing, recovery, Group Policy). Sometimes admins want to share how to best leverage native tools. Other times they want to learn about Quest solutions. In both cases, the conversations always begin and end with “the right tools.” Although the topics vary from conversation to conversation, the admin’s goal is always the same: to achieve more secure and efficient Active Directory administration.
Since the goal is common to AD administrators in companies of all sizes and industries, we compiled a list of “14 Ways to More Secure and Efficient Active Directory Administration.” We had too much content for a blog post; so for a deeper description of tools and methods, I encourage you to download the whitepaper “14 Ways to More Secure and Efficient Active Directory Administration.” Both the whitepaper and the list provide security and efficiency recommendations when using native tools. It should be noted however that Dell’s Active Directory administration solution, Active Administrator, simplifies all these tasks and more. A detailed description of how Dell Active Administrator addresses each concept is also included in the whitepaper.
Here’s a brief run-down on how to achieve more secure and efficient AD administration:
- Create a way to delegate AD permissions consistently
- Keep record of permissions so you can easily “un-delegate” if needed
- Keep record of where permissions are applied
- Create a way to manage temporary assignments with temporary AD permissions
- Keep documentation of security so you can provide reports whenever they're needed
- Keep documentation of what your “Group Policies” actually do
- Maintain caution when editing Group Policies
- Create a backup plan for when Group Policies fail to work properly
- Keep track of "what exactly changed" whenever editing Group Policies
- Make sure users know when their passwords are going to expire
- Proactively monitor AD for unwanted or unknown changes
- Audit AD changes to ensure internal policies are being adhered to
- Identify and remove inactive AD accounts
- Asses AD health and replication status on a regular basis
Whether you address one or all of these points, you’ll be taking an important step. To get more detail on each of these points, download the whitepaper version. It also includes information on how Active Administrator addresses all of these areas from a single, integrated console.