After my initial Global Active Directory Seminar world tour, I came back with one key concept that I feel all Active Directory admins need to consider: Active Directory security baselines. Knowing the current state of your Active Directory security is the first step. This means that you need to perform an analysis on all areas of Active Directory to ensure you know where the overall security falls.
Creating Perfect ADManager Plus CSV Files
ADManager Plus blows away any other Active Directory management tool by letting administrators create custom user creation templates and powerful CSV user definition files. In order to leverage these CSV files, you will need to ensure that you have all of your I’s dotted and T’s crossed
Auditing vs. Monitoring of Active Directory
I just finished a class where I had both auditors and administrators in attendance.
Windows Active Directory Password Policy: Still Misunderstood
I am going to make this short and sweet. I want to not focus on the Password Policy settings and focus just on the deployment of the Password Policy in Active Directory. Here is the reality of the Password Policy in bullet format, for easier consumption: The Password Policy for the domain is defined in the Default Domain Policy Group Policy Object (GPO) by default
Active Directory Delegation: It Does Not Need to Be Hard!
One of the most important and powerful reasons that organizations consider Active Directory is the fact that delegation is built into the product. W indows NT did not have delegation, unless you want to call membership in the Account Operators group delegation! Windows Active Directory provides a simple method , using the Delegate Control Wizard, to grant a group of users granular control over all or even just a subset of your Active Directory objects. For example, if you have a help desk that should have the ability to reset passwords for all users except for those in IT, you can delegate this permission to the OU that contains the non-IT employees
The Best Way to Organize and Manage AD Groups
You Can Learn More About the ManageEngine Product Line By Going to manageengine.optrics.com The original article/video can be found at The Best Way to Organize and Manage AD Groups
Automating Inactive User Controls
With so many compliance regulations requiring controls over inactive users, it is important to ensure that these user accounts in Active Directory are correctly managed. There are significant security risks associated with leaving inactive users enabled or available (or both) in Active Directory. In a previous blog on tracking down inactive users in Active Directory, I explained how you can leverage ADManager Plus to accomplish this task
My Mom Said My Password Was Important…
Well, I know I have been saying it for years, talking about it like it was one of the most important aspects of your computer, and emphasizing it as one of the top five most important security configurations for corporations and users. With so many companies being attacked, compromised, and making front page news, I hope that now you get the picture!
ADAudit Plus Updated Release: Real-Time, Continuous Auditing of Active Directory Changes
Do you have changes that are occurring in Active Directory that you want to be made aware of immediately?
Find and Delete “Never Used” User Accounts
Every Active Directory installation has one common issue. Every installation has one or more users that were created for a project, new employee, returning employee, and the like; but the user account was never used