Imanami Active Directory Management Software is based on feedback from CIOs and IT Managers every step of the way. We get the feedback about market needs because we ask. We host online forms and chat rooms to discuss issues with our customers and would-be customers.
Imanami’s CEO and Chief Software Architect, Robert Haaverson, makes no bones about saying that the company will continue to design software that solves problems for IT Managers that are “Need-to-Haves” and not “Nice-to-Haves.”
Founded in 2001, Imanami has an incredible customer base that has helped define our Group Management strategy and the features within our solutions. We value the constant feedback which helps spur our innovation. Imanami has over 500 customers from every industry, including: AT&T, Microsoft, Grant Thornton, Department of Homeland Security, Rubbermaid, SAIC, Mentor Graphics, the U.S. Department of Energy, Hershey’s, Cendant, and CNA.
Microsoft Exchange is the number one use for Active Directory Groups. A Survey commissioned by Imanami of IT Managers taken by 3rd-party-research experts: Osterman Research, yielded quite a few pertinent trends companies are facing when using Microsoft Exchange as a production email system. Let’s take a look at the report:
In order to qualify for the survey, respondents had to be involved in managing groups and other aspects of Exchange management, and the organizations for which they work had to have at least 1,000 email users. The online survey was completed with 109 respondents drawn from the Osterman Research Survey Panel.
The mean number of employees and email users at the organizations surveyed were 16,871 and 14,785, respectively; the medians were 4,500 and 3,500, respectively. Organizations from a wide range of industries were surveyed. Respondents are quite experienced: respondents have been in their organizations’ IT/MIS department a mean of 8.9 years (median of 8.5 years).
Among the problems experienced by those responsible for managing Exchange are users having access to systems, information and other resources from when they had previous positions within the company (mentioned by 36% of respondents as a “problem” or “significant problem”.
Other problems include managing employee churn/turnover in the context of provisioning users, changing groups, managing Active Directory, etc. (31%) and the security of Active Directory groups (27%). Add to this the fact that there is a median of 150 groups in each of the organizations surveyed and that a median of 10% of these groups are no longer active.
The survey also found that one in ten users in the organizations surveyed still receives
email from groups that used to be relevant to their jobs, but that are no longer relevant; in fact, 44% of the respondents to the survey have received an email sent to a DL of which they were not a member.Further, a median of 12% of employees change departments, groups or otherwise should have their information in Active Directory updated.
What this means is that in an organization of 3,000 users, 360 users need their Active Directory information updated each year, or roughly seven users per week. However, new employees must be added to the mix, requiring a median of two days for their information to be entered into Active Directory, while it takes a median of three days for HR to let IT know that an employee has left the company; a median of 2% of the people in Active Directory are no longer employed by the company, or 60 people in an organization of 3,000
Security Issues Need to Be Taken Seriously
The last two points are among the more serious security issues that organizations face. In a 3,000-user company with a turnover of 10% per year, 300 people will leave the company per year. That means that at any given time, at least a few ex-employees will have access to email and other network resources until IT can delete them from Active Directory or otherwise disable their access credentials.
Underscoring this is the survey finding that 42% of organizations report that someone has accessed information from Active Directory that they were not authorized to access. Further, 39% of survey respondents reported that having out-of-date information in Active Directory is risky or very risky.
Active Directory / Group Management Is Expensive…
The research found that a mean of 5.8 person-hours per 1,000 users is spent during a typical week on updating or otherwise managing groups in Active Directory. If we assume a fully burdened salary of $90,000 for the IT administrator(s) charged with this task, that translates to a cost of $13,050 per year for updating or otherwise managing groups in Active Directory, or $1.09 per user per month. If we assume an organization of 3,000 users could manage their email system for $15 per seat per month, Active Directory management accounts for about 7% of the total cost of email management.
What IT Would like To Have
The survey asked respondents a hypothetical question: “Let’s say you could purchase a group
management solution for Active Directory that would reduce IT time spent managing groups,
would keep groups up to date, and would generally make your IT staff’s life easier in the context of managing Exchange and Active Directory, etc.” We found that 48% of respondents indicated that they would likely or very likely deploy such a solution, clearly indicating that there is demand for improved group management capabilities and practices compared to current capabilities in use. Further, 57% indicated that would most likely or definitely purchase the solution at a price of $5 per user, while 22% would be this likely to purchase the solution at $10 per user.
Our conclusions from this research:
Group management is not the most serious problem faced by Exchange managers,
but it is a serious one that presents a number of security problems because of out-ofdate
records, former employees who still have access to sensitive corporate data, etc.
Group management is expensive, particularly for smaller organizations that run
Exchange. However, even at the enterprise level, the labor cost of group management
is not inconsequential.
Many IT departments are looking for a better way to manage groups in Active Directory
as evidenced by the fact that nearly one-half of respondents to this survey would be
highly likely to deploy a new solution that addressed their concerns.
Imanami GroupID modules address specific pain points highlighted by the research. For example, regarding employee turn-over, one of the principle uses of GroupID Synchronize is ensuring that AD profile data is always current and accurate. GroupID Automate in turn, further ensures that AD Group membership (Distribution Lists and Security Groups) are accurately maintained and the security risks associated with the ever-changing employees are mitigated.
For more Tips and Tricks Dealing with Active Directory Management of Security Groups and Distribution Lists please join our blog at:
Imanami is the Leader in Active Directory Group Management Software focusing on Security Groups and Distribution List Management Automation.
To learn more about Imanami Group ID Solutions, click the button below: