Nuances of Better User and Active Directory Management in a Dynamic IT Environment

by November 10, 2015 0 comments

– Derek Melber, Technical Evangelist – ManageEngine
Every administrator needs to deal with the fact that the company they work for makes money based on the data that is produced, altered, maintained, and accessed. If an employee fails to access the data they need, it will cause delays, complications, errors, and loss of revenue. On the flip side, if the wrong employees are granted access to data, negative outcomes and loss of data (thus revenue) could be an outcome. If the only thing administrators needed to accomplish was a static list of employees and their access to data, the task would be quite simple. However, this is not the case, as most IT environments and corporations are dynamic.
What Makes IT and Companies Dynamic?
There are many factors that cause IT and companies to be dynamic. There is an infinite list of reasons, but the top of the list includes the following:

• Turnstile of Employees – Most organizations encounter constant shifting of employees. This could be due to the employee leaving the company, being promoted, or being released from the company. It is the responsibility of IT to ensure that new employees have the correct access, promoted employees have altered access, and separated employees no longer have any access.
• Changing of Roles and Responsibilities – Building on the turnover of employees in general, each department individually deals with employees changing roles and responsibilities. This could be due to promotions, or even just vacations. The IT department must manage these changes to ensure the correct employees have access to data at the correct time.
• Applications, Servers, and Storage Devices Change– New operating systems, hardware, infrastructure, security reasons, and other issues can cause changes in the core access to data. This access could be altered if devices change names and/or IP addresses.
• Time Restrictions – IT has many tasks to perform each day. Managing users and groups is an obvious task, but when a server, service, or other resource is unavailable, the priority usually shifts to making it available again. If IT had workflow solutions, automation options, and delegation of task capabilities, the overall IT management efficiency could be improved dramatically.
Solutions to Make IT More Efficient
Trying to find solutions that take the complexity out of a dynamic IT environment is not hard, especially when the reasons for the dynamic aspects are known. Below are some potential solutions that can make a dynamic IT and corporation more stable, consistent, and efficient.
• User Creation Templates – Templates should be complete enough to handle both basic and complex configurations of users, including single sign on product integration, and even custom properties for user accounts. Finally, these templates should also interact with bulk user creation.
• Bulk User/Group Creation – Bulk user creation options need to be simple, yet comprehensive. The solution needs to have complete documentation for the CSV file structure, as well as easy import and verification of the interpretation.
• Bulk User/Group Modification – Often, users and groups already exist in Active Directory, but require modification. Instead of attempting to manually update the objects or script a solution, a bulk modification option needs to be simple and easy.
• AD Management Workflow – Workflow is often required for management of users and other AD objects. It is important to have flexibility in the roles associated with the workflow, not to mention reporting for where tasks are in the workflow process, and who performed which actions.
• AD Automation Tasks – Many tasks related to users, groups, and computers can be automated. In addition, automation tasks need to be comprehensive and reportable. The scheduling of these tasks also needs to be flexible and complete.
• AD Change Monitoring – It is impossible to know when every object in AD changes. Therefore, being informed when objects change via a GUI, or even an email alert is important for a stable AD. The ability to monitor when any AD object is created, modified, or deleted is essential for a dynamic, or even static, AD environment.
• Friendly graphical interface – GUIs need to be easy to understand, find tasks in and customize. Without these options, a GUI can become a “task” itself, which can compromise the efficiency of obtaining the solution in the first place. HTML solutions are easy to deploy, update and maintain.
• Delegation capabilities so people outside the IT department can complete tasks – Not all tasks need to be completed by the IT department. Delegating tasks to the key decision makers for each AD and user management task can free up time for the IT staff.
• Error checking and reporting – Often, scripts and command line tools perform actions that can cause issues and errors. Without reporting the erroneous and successful completion of tasks, it is time consuming to determine if all of the tasks defined in the script were actually completed. An efficient solution will come with error checking and reporting.
• Reporting of past activities and changes – Obtaining reports on past actions and changes to AD objects is essential in efficient troubleshooting and compliance reporting.

Dynamic IT environments require dedication, processes, and the correct tools. User and AD management are long term tasks, but the solutions can be modern day efficient tools and solutions. Without a contemporary solution, most organizations are left with archaic and inefficient tools and scripting that can waste time on the management or recovery of errant scripts and configurations. Modern day solutions should cover a wide range of features and tasks, and those features and tasks need to be complete solutions.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.