Friday, November 9, 2012

Active Directory Management

It is rare to find an Active Directory that can be confidently endorsed as accurate and current. Typically this is because ongoing maintenance and management are left to an overworked and understaffed group within IT. For example, requests to be added to AD groups require submitting a help desk ticket. Now a help desk technician who probably has nothing to do with finance has to track down an approval and add a user to the finance group, giving them access to applications, file folders, servers, reports, etc. There are also stories about user accounts remaining active for months or years after the person leaves the organization.

Why not give end users secure, limited access to AD through a web-based, self-service application to request access to groups and update personal information? And why not have managers and group owners, again through secure, limited access, bear the brunt of the ongoing maintenance and management? Why not let them approve or deny access requests to the groups they own through a secure web form?

The Active Directory Management Portal showcased in the following video addresses these use cases. Through the portal, end users can change personal information stored in Active Directory such as home phone, cell phone, and home address. Nothing company related, but information that you would like to have current. They can also request access to groups through a web form. The request gets routed to the group owner for approval. Once approved, the user is added to the AD group automatically and is granted all the access rights offered by that group. The added value of this system is that administrators can schedule periodic maintenance (monthly, quarterly, annually, etc.) where all group owners receive a task to review their group membership. Managers also get a task with a list of employees that report to them according to AD. From the portal they can remove group members that they deem don't require access, or report that a listed employee doesn't report to them or that an employee is missing from the list. The result is that the workload gets distributed throughout the organization instead of being the sole burden of IT.

Check out the video and feel free to post questions in the comments or reach out directly.

Thanks!
WEVO Group
