project database

SharePoint Security with Active Directory Automation

One of the things that jumped out at me in our recent survey seemed to be confirmed by visiting with a number of folks who stopped by our booth at TechEd.  People are using Active Directory to secure SharePoint groups! Our survey showed that nearly 50% of organizations are, and based on the conversations we…

project database

What are Active Directory Groups Used For?

We recently commissioned a study with Osterman Research to find out what organizations use Active Directory groups for.  Part of it is selfish, we make Active Directory group management solutions, and it would be nice to know that the market is big enough.  But the other, more important, factor is to make sure that we…

project database

Codeless Sync with Active Directory

Forefront Identity Manager (FIM) has been getting a lot of interest based on codeless sync and codeless provisioning.  Carol Wapshere talks a bit about how it’s not all it’s cracked up to be on her excellent blog, Miss MIIS.  She discusses a few key points about the limitations of FIM’s codeless synchronization and points out…

project database

How to Expire and Renew Active Directory Groups

An Active Directory group should only live as long as it is useful to your business.  But without any native tools to expire and renew Active Directory groups, administrators turn to the time-honored, “delete it and see who complains” technique.  The problem is, then you have to re-create that group, its members and permissions if…

project database

Dangers of Orphaned Active Directory Groups

An orphaned Active Directory group is a group with no owner.  On the surface, that doesn’t seem that bad, email is still delivered, permissions are still applied.  But there are some real dangers to the business if you allow Active Directory groups to go ownerless and the membership becomes static. Common Danger for Orphan AD…

project database

Dynamic Active Directory Groups for Message Delivery Restrictions

Active Directory and Exchange offer a great tool for managing communication to distribution lists: message delivery restrictions.  This concept is pretty easy to understand, if you have an Exchange distribution list that you want only certain people to be able to email, you include them in the message delivery restriction.  Conversely, if you want certain…

dynamic active directory groups

Nesting Active Directory Dynamic Groups

What are Active Directory Dynamic Groups? Active Directory Dynamic Groups are the ones that dynamically maintain their memberships based on rules. These rules are applied in the form of a user-defined query, such as an LDAP query. This query is defined once and scheduled for membership update using a Dynamic Group Update job. When the…

Computer Objects in Active Directory Security Groups

In Active Directory, a computer object is a security principal. This means that just as with a user, you can give permissions for resources and assign security group memberships to the computer. Applying permissions to Active Directory groups, more specifically, Active Directory security groups instead of OUs is a generally accepted best practice. For user…

project database

Computer Objects in AD Security Groups

A computer object is a security principal. This means that just as with a user, you can give permissions for resources and assign security group memberships to the computer.  Applying permissions to security groups instead of OUs is a generally accepted best practice.  For user objects, you can delegate part of this and automate most…

project database

Case of Active Directory Groups Multiple Owners

Managing Active Directory is a repetitive and routine task yet can be overwhelming. Group management is performed in Active Directory as a means of simplifying administration and achieving flexibility. Keeping it all orderly and secure is a challenge fraught with nuance and details that are time-consuming without the correct tools. Table Of Contents Group Owners…