One of the great features of GroupID 6 is Active Directory history. It’s not exactly auditing; it’s a bit more useful than that. History allows administrators and users to easily see changes to the AD objects that they care about.
For administrators, the use cases are simple. You come into the office and the help desk has received ten calls from users who cannot access a particular folder. Quick research shows that the AD group that controls access has no members. AD History will show you the 15 members that were removed, and you can easily add them back.
The next step is to see if any other groups had their membership nulled and proactively fix them before the next ten calls come in. That is what excites our customers about day-to-day use of AD history.
But then you get to the end user aspect of it. Let’s say I am a manager and group owner as well as a regular user. I use GroupID Self Service to manage my employees’ identity information, my groups’ memberships, and my own identity info and group memberships.
As a manager, I need to know all of my employees’ correct mobile numbers. But I’m not going to check their profiles every day to see if anything changed. By glancing at history every once in a while, I can see that Billy Robertson changed his mobile number in AD and change it in my personal contact list. Basically, any change to any of my direct reports shows up in my history.
As a group owner, this can be even more important. Let’s say I have a group called Project X, granting file access for those working on the top-secret next-generation toaster oven. One morning, I see that an IT admin added 4 users to my group — 4 users that should not know about the highly classified flux capacitor’s secret components. Without history, I would have had to audit the membership each day to see that change. With history, I see the changes on my welcome screen and immediately fix them.
As a user, I open up Self Service to see that I’ve been added to some top-secret group and been promoted to Chief Stealth Ninja by some guy named Nefarious Admin. I know that neither of those things should have happened, so I contact HR to profess my innocence and my concerns about the Admin. They check the AD history using their help desk rights and determine that I did nothing wrong, reverse the changes in AD, and contact the admin in question to find out what happened.
These are, of course, just a few of the practical uses for end users to know what is happening in AD. All too often, Active Directory is a mystery to end users despite its constant effect on their day-to-day work lives. The end result of that mystery is help desk calls.
By giving end users some insight into just the parts of AD that affect them, you can save those help desk calls and make your business run more efficiently. Schedule a demo and we can show you some of this stuff in action (just not the top-secret toaster oven).
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.