Accurate Data in Active Directory
Accurate data in Active Directory is essential for security and productivity. Active Directory access management synchronization should be simple; using schema detection, GroupID Synchronize will detect changes in either source and replicate that change bi-directionally to the destination. Whether you are synchronizing SQL, Oracle or any other data source with Active Directory, you will always be sure that accurate data is in all of your systems.
“We did not have any problems installing and setting-up the software and it has been running very smoothly ever since. The issues we dealt with related to matching our internal processes to what was needed to make synchronization work.”
Network Manager – The Juilliard School
According to a recent survey by Osterman Research, in the average organization, IT doesn’t know to de-provision an account for 9 days after a user has left the organization. And, on average, 5% of the users in Active Directory are no longer employed by the organization. This is a security flaw. GroupID Synchronize reduces that 9 days to near real-time. And, assuming that the authoritative HR source is accurate, GroupID Synchronize removes those 5% that are no longer employed.
Those same issues occur in the inverse for a new employee. If IT doesn’t know to provision a new account for 9 days across azure ad or active directory groups, what is that employee doing? Probably nothing on a computer. By using GroupID Synchronize to provision new users to Active Directory and Exchange, these new employees can be up and running immediately.
Another access management issue is internal turnover. The same survey reported that on average 19% of employees change job responsibilities in a given year. All of that information needs to be put into Active Directory: new job title, new location, new billing codes and on and on. By utilizing GroupID Synchronize you can get the information into Active Directory or any other important system such as your financial system, CRM, and others.
Accurate data is essential to properly automate group membership. GroupID Automate will ensure that a user is in the correct group if the user’s data (department, title, location) is correct. GroupID Synchronize will make sure that data is correct. This enhances security and productivity. Consider the de-provisioning example above. Even if you don’t de-provision the user immediately, taking them out of all security groups will basically ensure that they do not have access to any systems, effectively giving you a double-pronged approach to security for ex-employees.
GroupID Synchronize is a bi-directional synchronization engine. Utilizing a very intuitive GUI to build scripts, you can create jobs to provision, de-provision or Synchronize multiple data sources. Picture Active Directory being your hub and becoming the accurate source for all data. Synchronize directly connects two data sources through a job. It does not use or require a staging area or meta directory. A job defines the connection information needed to access each data source, how the data is related and how the data should flow.
For example, let’s say you have employee information stored in an Oracle table and you want to update users in Active Directory with this information. You would start by launching Synchronize and creating a new job. The job wizard will walk you through the process. You first provide the connection information to Oracle and Active Directory (the name of the server, the table, and credentials to use, etc.). Synchronize will then examine the data sources and provide you with a list of attributes available in Oracle and Active Directory. Select the attributes in Active Directory that you would like to populate from Oracle.
Next the wizard will ask how to find related records. Typically there are one or more columns in your source (the Oracle table in this case) that match one more attributes in Active Directory. This might be an employee identification number, user ID or just by their name. Once you have the relationship defined via the key fields it is time to connect the columns in the Oracle table or view to attributes in Active Directory. You can directly connect the attributes or you can use transformations (synchronize scripts) to calculate the value of an attribute.
Once the wizard is complete you can run a Preview to see what would happen. During the preview Synchronize loads the records from the Oracle table and looks for matching records in Active Directory. It calculates what would change without actually changing anything in Active Directory.
Once it is complete you can review what would change and if everything looks good you can choose Run to actually make the changes. If the results are not what you expected you can go back into the wizard and reconfigure the job until you get the results you want. With the ability to use transforms to create new fields (usernames for example) and match all other fields, Synchronize is the easiest and most powerful tool to ensure that all of your records in Active Directory are always accurate.
Minimum hardware requirements for GroupID are:
- x64 Multi-core Processor
- 8 GB of RAM (for up to 250,000 objects in the directory)
- 1024 MB hard drive space (for installation only)
The space requirement is relative to the provider’s data size growth for Elasticsearch data.
Supported Microsoft® Windows Servers
GroupID supports the following Microsoft® Windows Servers:
- Microsoft® Windows Server 2012 Family
- Microsoft® Windows Server 2016 Family
- Microsoft® Windows Server 2019 Family
Supported Microsoft® Exchange Servers
GroupID supports the following Microsoft® Exchange Servers:
- Microsoft® Exchange Server 2010
- Microsoft® Exchange Server 2013
- Microsoft® Exchange Server 2016
- Microsoft® Exchange Server 2019
GroupID supports the following versions of SQL Servers:
- Microsoft® SQL Server 2008
- Microsoft® SQL Server 2008 R2
- Microsoft® SQL Server 2012
- Microsoft® SQL Server 2014
- Microsoft® SQL Server 2016
- Microsoft® SQL Server 2019