Managing Active Directory with the NetIQ Directory & Resource Administrator
First let us review some of the challenges in administrating AD and LDAP in general:
- Directory structures are inflexible
- Changing AD once it is implemented to meet changing administrative or organizational needs are difficult.
- Delegating and “un-delegating” access is a royal pain
- Delegating account administration access is possible using native Active Directory technologies. However, without extensive documentation of these delegations, modifying or removing delegation is very difficult.
- Limiting what objects or properties a user can manage is easy enough but the ongoing maintenance presents a significant challenge. In addition, using only native capabilities does not allow the granular level of delegation that most organizations need.
- Active Directory can delegate access to directory objects. However, delegation over computer resources requires a third party tool.
- Restoring deleted users accounts is a painful experience.
- There is an inability to control the content going into the Active Directory as AD does not provide any kind of content policy enforcement, so it is up to the individual operator to assure content consistency and accuracy when data is entered into or edited in Active Directory.
- Native directory tools usually provide more power to help-desk users than the IT organization intends.
So let’s review how the above challenges can be overcome by installing NetIQ’s Directory and Resource Administrator (DRA) tool
- Easy to install: It takes only a few steps to install DRA and start the Administration of AD.
- Configuring DRA only requires IIS server installed and knowledge of AD and Exchange server.
- The Directory Resource Administrator automation interfaces allow you to write scripts to perform certain tasks such as creating deleting accounts or account properties.
- Advanced management features allow you to create custom tools; replicate files among Directory Resource Administrator servers so that these files can be downloaded to client workstations, implement virtual attributes, identify attributes you don’t want to copy when you clone new user accounts, and execute Lightweight Directory Access Protocol (LDAP) queries in Active Directory.
- The NetIQ Exchange Administrator (ExA) extends the powerful features of DRA to provide seamless management of Microsoft Exchange. Through a single, common user interface, ExA delivers policy-based administration for the management of directories, mailboxes and distribution lists across your Microsoft Exchange environment.
- Synchronization of object between the Domain servers are made easy in DRA.
- Reporting and Auditing tools in DRA minimizes the use of other native tools.
So to summarize, the reason we like NETIQ’s DRA is easy, it is a flexible, securable and scalable solution to control the myriad of Directory stores we encounter in an organization and allows us to eliminate the over-access of administrative type rights we see at many of our customer’s environments.
Questions, comments or concerns? Feel free to reach out to us below or at IDMWORKS