Active Directory Management Wasting Your Time?
If you are like millions of other people in this world, when you look at yourself and how you manage time you may come to the conclusion that you are a procrastinator, a day-dreamer, or just someone who wastes their daylight hours on tasks that are not well prioritized. You may however consider yourself to be a person who values time and does a good job of utilizing time. Let me destroy that thinking.
Perhaps you think you are above those negative traits. If you or anyone on your team is manually making membership changes to groups in Active Directory or worse, you are not manually updating anything and leaving members in groups for which they no longer need to be a part of. Time is being wasted doing these things yourself and the double jeopardy is that when you don’t do it, you are taking on unnecessary risks for your organization.
Bottom line is this: You are wasting valuable time. Your time or the time of someone else.
We like to use tools that we believe will help us in time management. Thinks in paper form or electronic. We call them things like calendars, task lists, to-dos, project management software, post-it notes, alarm clocks, help desk ticketing tools, nagging spouses, online notes, electronic wallets, day planners, voice recorders, timers, notepad, and so on. We use these tools because we know that they will help us. What other tools can help us save valuable time?
We learn from early in our education that these tools help us to organize and get things done on time in an orderly fashion. We also learn quickly however that some tasks are repetitive so we learn to make tasks and appointments on a reoccurring basis. That task that we do every day becomes an automated task as we make it a habit.
As technical people, we take things that reoccur and automate them because we hate having to do the same thing twice. Perhaps we are tired of doing something and are in a position to delegate so we make someone else do our dirty work? When it comes to Active Directory management however, our ability to automate is limited to scripting. Powerful. Automatic. Elegant. We say this to ourselves but then reality hits us… When something changes, we must reopen our beautifully painstakingly crafted script and update it. What a pain it is again we find ourselves in
Writing scripts to do your work is a very small step in a long path towards a reduction in your workload. The next and final step is to move past scripting and all form of automation that surround code-based implementations of directory management to those things that are purpose-built for the task.
Unless you can affirmatively answer each of the following questions, you are missing an important tool that will alleviate your important time.
- When a new person is hired, I do not need to know about it. HR adds them into HRIS system, they are provisioned in Active Directory, given a mailbox account, put into appropriate distribution lists and given access to resources via security groups.
- When a person changes roles in the organization, I do not need to grant them access to achieve their new jobs. They are automatically added to new distribution lists, given new access to additional resources.
- I also do not need to worry about these same employees that changed roles having access to resources they no longer need. Removal from distribution lists, access to resources happens automatically without my intervention.
- Owners of resources are compelled to validate/attest to who gets access to what. If they do not, access for those resources will be temporarily halted until they do make such validation.
- A person responsible for content is not required to contact me in IT to give someone temporary access to something they manage. They are given user-friendly tools that allow them to do it themselves within the scope of limited rights granted them.
- My employees can request access to information, resources, sharepoint sites, and more through an easy browser client interface that does not trouble my IT team. The request goes directly to the stakeholder. The stakeholder can make the decision and all such transactions are captured for future auditing needs.
- When someone forgets a password or worse, locks their account, I have empowered them to take care of that on their own in a very secure and trusted manner.
There are other tasks more strategic you are shouldered with. Why should your time be burdened with what amounts to data entry. Get out from underneath the deluge of these tasks and get back some of your precious time. You already are using other tools to improve and manage your time. Maps This will be the best thing you ever did for your IT department. Let us show you how.
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.