10. Introducing ActiveRoles Server Practical Provisioning, Management, and Security for Active Directory, AD LDS and Beyond ActiveRoles Server offers a practical approach to automated Active Directoryuser provisioning and administration, for maximum security and efficiency
11. Key Features Provisioning End-to-End User and Group Lifecycle Management Automatic User and Group Provisioning and Deprovisioning Management Unified Active Directory and Active Directory Lightweight Directory Services (AD LDS – formerly ADAM) Management Automated group management Interfaces for Day-to-Day administrators, Help Desk, and end user self-service ADSI and PowerShell support for extensibility Security Controlled Administration through Roles and Rules for a true least privilege model Approval Workflow for Change Control Centralized Auditing & Reporting Add-on Applications Quickly and easily connect to existing HR/ERP system or ILM 2007 (MIIS) to provision and synchronize Active Directory Simplified Exchange Resource Forest Management – from a single console Protection for critical DNS Services Compliant & Secure Access Management through Group Membership Self-Service
26. Efficient Group Management Efficiency Extensive Group Management functionality saves Time, makes administrators more efficient, reduces errors and accuracy ensured by application of consistent policies Improves Administrator efficiency while reducing mistakes and security concerns. Exclude criteria provides separation of duties capability Group Membership Rules Automatically add users to groups based on a common set of policy rules. Dynamic Groups and Group Families Automatically add or remove users to groups according to a set of query based criteria - Bulk creation and population of groups
27. Web Based Day-to-Day Adminand Help Desk Web Consoles Simplifies day-to-day tasks and reduces administrative costs Provides alternate console for managing Active Directory Configurable with Point-and-click simplicity to meet customer needs Complete management of user, group, computer, and Microsoft Exchange Built with the latest ASP.NET technology
28.
29.
30. Controlled Administrationwith Roles and Rules Provides administrative layer between users and Active Directory, for strict enforcement of operating policies and to eliminate unregulated access - Enforces “Least Privilege” Model Allows for centralized auditing and reporting of directory-related changes Simplifies the process of delegating rights by abstracting the required delegation into roles (or templates) that can be quickly deployed and easily maintained Controls the administrative rights that individual accounts and groups get in Active Directory through role-based delegation Provides full reporting and import/export capabilities Provides multi-forest support
31. Roles Based Delegation Sr. Administrator Exchange Admins OU Admins / Help Desk Application / Data Owners End user Self-Service Day-to-Day Admin Active Directory Full Control Computers Domain Controllers AD Architect Mailbox Admin Create Mailbox, Move Mailbox APAC EMEA North America Service Desk New York Create Users/Groups Create Groups Reset Passwords, Unlock Accounts Mexico City Self-Service AD LDS Update personal Information Request Changes ADAM Objects App/Data Owners DNS Servers Change Group Membership DNS Records Job Function Roles Access
32. Prevent Un-wanted Changewith Approval Workflow Management Solution Remediation - Deprovision Groups Applicationor Data Owner ApprovalWorkflow + - Manage GroupMembership Or Review Owner Attestation Review Assistants IT Oversight VerificationReports IT Administrator Provides segregation of duties and tracking of request and responses to help with security and compliance
35. What if you could… Obtain real-time, detailed tracking of all changes to Active Directory (AD) and Group Policy settings? Take corrective actions for undesired changes in AD and ADAM, eliminating downtime and security breaches caused by accidental deletions or modifications? Be notified in real-time when critical events and changes are detected in AD, ensuring your awareness of possible security violations and destructive changes? Ensure adherence to compliance regulations and internal policies by tracking all activity in your Active Directory environment? Protect Active Directory by preventing changes to the most critical Active Directory objects, down to the attribute level including Group Policy Object settings?
43. Sample reports with drill-down functionality which enablesyou to find exactly what you are looking for All file access activity performed by that user All recently deleted files and by user
44. More sample reports… Drill down information from file highlighted in red showing all modification to that file and by whom
46. What if you could… Audit administrative rights on your domains, workstations and servers? Ensure that privileges that are granted are in conformance with your formal security policies? Provide configuration reports quickly with the most current information? Have the capability to take action on violations to security policies? Know what changes have taken place to objects in the directory? Satisfy the needs of different data consumers in your organization?