Active Directory Scripts

The Dangers of Scripting Active Directory Group Management

Now more than ever, scripting in the Microsoft world has extended the administrative abilities of an IT pro well beyond the simple use of built-in tools. You have, in essence, an unlimited ability to automate just about any part of the administration of your Microsoft environment — including Active Directory — with Powershell and other…

Bringing Shadow IT Into the Light

Bringing Shadow IT into the Light

I’ve written and spoken many times  about the topic of Shadow IT. It’s a tech buzz phrase with a somewhat negative connotation, indicating that users are taking IT matters into their own hands and bypassing IT to solve their own challenges. For the record, when a user does this and their actions put the organization…

6 Best Practices for Consolidating Active Directory Groups

When we talk about consolidating Active Directory groups, we refer to the process of cleaning up the clutter of groups accumulated over the years, so that only the relevant groups exist in the directory. Consolidating Active Directory groups is one of the most daunting tasks that IT administrators must undertake. Poor cleanup procedures can expose…

3 Steps to Better Group Management

Group management in Active Directory is so much more than just making sure that memberships are correct. There’s an entire lifecycle process devoted to improving the management of groups — and the security they represent. But for many of you, there simply isn’t enough time (yet) to devote to implementing an entire group lifecycle. So,…

AD Group Cleanup

A Case of IT Paralysis

When I was a kid, I remember playing in my room for hours on end, playing with new toy after new toy. Of course, being a kid, I never put anything away, so the number of toys just sitting around kept growing and growing. When my parents finally saw that my floor was riddled with…

permissions-certified

The State of Active Directory Groups: Confusion, Chaos, or Control

If you’re like most IT professionals, after a group is created, you never really give that group a second thought. Once you go to the Members tab, add a user or two, and press OK, you don’t look back. It makes sense — it’s just groups, right? I mean, who cares? Perhaps the better question…

managing-groups-the-right-way

What’s the Right Way to Manage Groups in Active Directory?

In previous articles, we’ve discussed the reasons why IT often doesn’t pay attention managing groups in Active Directory (AD), as well as how security threats can arise from not doing so. In this article, we are going to review the steps required to manage groups in AD effectively and efficiently. Before we start, let’s establish…

Active Directory Group Security: “You Don’t Even Know”

If you were to ask what’s the most difficult part of managing Active Directory groups, we’d probably get a few different answers. Probably very few of you (if any at all) would focus on the actual creation and maintenance of the groups, while most (again, if not all) would focus on the issue of where…

Group Membership Lifecycle

The case for temporary membership You are sitting around a table to discuss the current status of a critical project. Things are not looking real good and it seems that there is no way to reach the end of the project by the necessary deadline with the staff currently tasked with the work. There is…