bored

Automate Membership of a Shadow Group

Active Directory does an excellent job of allowing administrators to arrange their security identities in a hierarchal fashion. In a previous blog post , we discussed nested security groups which can be used to implement inherited security permissions.    Active Directory also allows you to structure your Active Directory Organizational Units (OU for short) to…

bored

Active Directory Password Reset…….Back to the Future…!!!

Many organizations still follow the traditional practice of writing or printing passwords on paper and keeping them in a physical vault, which would remain under the control of the IT department. When you have issues with your password or you need to unlock your account, you will have to either track the person who may…

bored

Avoiding Token Bloat with Dynamically Managed Nested Groups

In reading the article “Token Bloat Troubleshooting by Analyzing Group Nesting in AD” by M. Ali, it is pointed out that membership in the nesting of groups can in many cases lead to a condition where tokens carried by an identity can cause performance issues. Along with performance issues are cracks in your security when…

bored

Active Directory creates a Secure Work Enviroment!

Many of our clients are professional services organizations; law firms, marketing agencies, consultants and the like. One of the things that they have in common is that they often have a need to create a place where people both in and outside of their organization can come to share resources for a period of time. …

map

Why you need Active Directory self service

You run an IT department.  No matter if it is big or small, you have to have a help desk.  Your help desk is the public face of IT, the people that the rest of the company knows.  So they call them.  For everything. You know the problem with this, help desks are expensive to…

map

Attribute Based Access Control in Active Directory

In attribute based access control, access to resources is based on the attributes of a user, not from the resource owner specifically granting access to that user.  The user proves their claim based on attributes associated with them rather than having joined a group and/or a role. A great example is that printer down the…

map

Synchronizing Active Directory user attributes with an HR database

Nobody’s Active Directory is perfect.  And by “perfect” I mean with accurate identity information.  Users are an ever-changing group, they switch jobs, last names, phone numbers, cubicles, departments, and projects.  The users know this information but, guess what, IT doesn’t always. So Active Directory gets lonely and out of date.  Eventually, nobody’s identity information is…

map

Top uses for Active Directory groups

Active Directory literally sits in the middle of everything.  As the King of IT Infrastructure, it holds the ceremonial middle spot in any server rack.  Well, maybe I’m mis-using literally.  But figuratively? You bet it sits in the middle of everything. We have carved out a niche as THE software solution for managing Active Directory…

map

A better way to manage Active Directory or SharePoint group permissions

While reading Gartner’s research paper titled, “Identity in SharePoint 2010” by Kevin Kampman, I was struck by one particular phrase that is at the heart of the Active Directory or SharePoint group debate: “visibility is not provided into domain group memberships; SharePoint administrators cannot directly examine the members of an Active Directory group, although it…