Maintaining the accuracy of all Active Directory groups is important, but as George Orwell may have said (and I’m paraphrasing here), “All Active Directory groups are equal, but some Active Directory groups are more equal than others.” I say this because some Active Directory groups have to be accurate, and because some are easier to keep accurate than others.
The most difficult ones to keep accurate are the groups that have neither rhyme nor reason … for example, a project team where only the members know that they need to be in that particular group. For that you need web-based Active Directory self-service. There is no other way to do it.
The easiest ones are the Active Directory groups that you can manage dynamically … they all have attributes in Active Directory or some other database that you can query. Take HR managers in Iowa, for example: you know all three pertinent pieces of information needed to make a dynamic Active Directory group.
Of those that can be managed dynamically, three are the most common; for these, Imanami created dynasties: simple-to-create groups that nest based on common criteria. Here are the three most common:
- Managerial dynasties: direct and/or indirect reports of managers. For example, everyone who reports to Billy Robertson is automatically put in a group and updated as the reporting structure changes.
- Organizational dynasties: Active Directory groups based on business unit, department, and title. You automatically and dynamically have Active Directory groups of all members of a department and within that all members with the same title. These groups are valuable as dynamic distribution lists or dynamic security groups.
- Geographic dynasties: groups based on office location, usually nested as country, then state, then city. These are very valuable for location-specific groups … my favorite example is that when you need to alert everyone in the Bend, OR office that they are out of organic coffee, this would be the easiest way.
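As an added illustration of the geographic case (this is not GroupID code and says nothing about how the product works internally), the Python example below builds country > state > city groups from user attributes and reports which direct memberships have gone stale. The attribute names `c`, `st` and `l`, the `Geo-` naming scheme, the function names and the sample users are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample records. Assumption: location is held in the standard
# AD user attributes c (country), st (state) and l (city).
USERS = [
    {"sam": "akhan",  "c": "US", "st": "OR", "l": "Bend"},
    {"sam": "bsmith", "c": "US", "st": "OR", "l": "Portland"},
    {"sam": "cdiaz",  "c": "US", "st": "IA", "l": "Des Moines"},
    {"sam": "dlee",   "c": "US", "st": "OR", "l": None},  # city never filled in
    {"sam": "evogel", "c": None, "st": None, "l": None},  # no location at all
]

def build_dynasty(users, levels=("c", "st", "l"), prefix="Geo"):
    """Return (groups, unplaced); groups maps name -> direct users and child groups."""
    groups = defaultdict(lambda: {"users": set(), "groups": set()})
    unplaced = []
    for user in users:
        parent, path = None, [prefix]
        for attr in levels:
            if not user.get(attr):
                break  # stop at the first empty level; user stays in the parent
            path.append(user[attr])
            name = "-".join(path)
            groups[name]  # create the group if this is the first member seen
            if parent:
                groups[parent]["groups"].add(name)
            parent = name
        if parent:
            groups[parent]["users"].add(user["sam"])
        else:
            unplaced.append(user["sam"])  # needs manual review, not a default group
    return dict(groups), unplaced

def effective_members(groups, name):
    """Expand nesting: direct users plus the users of every child group."""
    members = set(groups[name]["users"])
    for child in groups[name]["groups"]:
        members |= effective_members(groups, child)
    return members

def membership_delta(desired, current):
    """Per group, the direct members to add and the stale ones to remove."""
    delta = {}
    for name in desired.keys() | current.keys():
        want = desired.get(name, {"users": set()})["users"]
        have = current.get(name, set())
        if want != have:
            delta[name] = {"add": want - have, "remove": have - want}
    return delta
```

When these groups are used as security groups, the `remove` side of the delta is the part that matters most: it lists accounts that still hold access through a group their attributes no longer justify.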
In this chalk-talk, I will show how GroupID Automate can easily create these three most important dynamic Active Directory groups following a very intuitive wizard.
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.