bored

A Day In The Life Of IT Without Imanami AD Group Management Solutions

Active Directory Group Management solutions can make all the difference in the day-to-day life of an IT Manager and everyone else in the company. As we all know, there are two ways to manage any department. The first management style is “Putting out Fires” the second is “Proactively Managing” by anticipating problems based on past performance,…

bored

Automate Membership Of a Shadow Group

Active Directory does an excellent job of allowing administrators to arrange their security identities in a hierarchal fashion. In a previous blog post , we discussed nested security groups which can be used to implement inherited security permissions. Active Directory also allows you to structure your Active Directory Organizational Units (OU for short) to reflect…

bored

Avoiding Token Bloat with Dynamically Managed Nested Groups

In reading the article “Token Bloat Troubleshooting by Analyzing Group Nesting in AD” by M. Ali, it is pointed out that membership in the nesting of groups can in many cases lead to a condition where tokens carried by an identity can cause performance issues. Along with performance issues are cracks in your security when…

map

Top uses for Active Directory groups

Active Directory literally sits in the middle of everything.  As the King of IT Infrastructure, it holds the ceremonial middle spot in any server rack.  Well, maybe I’m mis-using literally.  But figuratively? You bet it sits in the middle of everything. We have carved out a niche as THE software solution for managing Active Directory…

map

Using Active Directory Groups for Cloud Identity Management

I recently watched a great video on cloud federation by Coreblox and Ping Identity.  You know the problem they’re trying to solve, your users are using applications in the cloud and your access and authorization solutions are stuck on premise.  Ping Identity solves that beautifully. Here’s the gist: an Active Directory user is added to…

map

The Best Way to Expire an Active Directory Group

In the world of Active Directory, groups are binary: they exist or they don’t.  Other Active Directory objects can be tombstoned, but with groups, they become useless once tombstoned since all of the ACLs and memberships are lost.  And Active Directory doesn’t give you the ability to expire and renew them while keeping all of…

map

Accurate Active Directory Group Membership with High Employee Turnover

The average organization has just under 20% annual internal turnover.  This means that 1 in 5 employees will change jobs per year.  At the same time, external turnover is approximately 5%, meaning 1 in 20 employees will leave the organization.  That, my friend, is a lot of change. But it is nothing compared to the…

map

Accurate Active Directory Groups Keep Kids Out of Jail

I know that the premise that accurate Active Directory groups keep kids out of jail is so obvious that it might not need to be said.  But we wanted to explore the concept of what accurate Active Directory groups do for your organization more fully.  More scientifically. Ruminating in a think-tank fashion, we came up…

Distribution Group Vs. Mail enabled Security Group

Distribution Groups or Mail Enabled Security Groups?

When we talk about Active Directory groups, we are usually talking about two kinds of groups: Distribution Groups and Security Groups. Managing distribution lists and security groups is a mission-critical task for just about any IT organization. Active Directory distribution groups work with your email client to define who is included on group messages, while…

project database

Issue with Query Based Distribution Groups and BPOS

Somehow I missed a comment that was posted on a previous blog post titled An alternative to Query Based Distribution Lists (QBDLs).  In that post, I was talking about the advantages of actually creating a group in Active Directory with your queries vs. the QBDL method of executing the query against Active Directory every single time…