Active Directory Delegation

Computers & TechnologyNetworking

  • Author Jack Peterson
  • Published November 18, 2010
  • Word count 389

Active Directory delegation is an important task in the process of Active Directory management that requires careful planning and accurate implementation. Native Active Directory management tools are not able to cope with AD delegation tasks due to significant disadvantages. Third party solutions implement role-based access control model that proved its simplicity and effectiveness.

Active Directory management includes many tasks. Some of them are simple, though still very important. The necessity of rights delegation to non-administrative staff occurred when Active Directory administrators spent about 40 per cent of their time fulfilling those simple operations like reset of passwords, modification of users’ personal data, etc. Eventually it was decided that Active Directory delegation is vital to let the administrators solve more important challenges.

Active Directory delegation has a pitfall – security threat. When we deal with sensitive data, security is above all, that is why Active Directory delegation should be carefully planned and implemented with the possibility of constant revision of delegated rights. Native AD management tools do not cope with granular delegation of rights in Active Directory due to the following reasons: absence of central place for permissions storage, need of manual maintenance of multiple ACLs across Active Directory. Moreover, it is a huge problem to track what privileges were granted to users. Help of third party solutions is vital here.

Third party solutions proved their effectiveness for Active Directory delegation with the help of role-based access control approach that refers to delegation of responsibilities in a centralized manner. It is possible to create an administrative role, allocate a set of job functions to it and subsequently assign this administrative role to a user. Such approach helps control delegated permissions, assign and revoke those assigned even to large amount of users with the same job function.

Even though role-based access control helps significantly increase security by means of delegating limited rights to non-administrative staff, some actions still should be verified by responsible persons. This task is easily accomplished by means of approvals that are provided by third party Active Directory management software.

Active Directory delegation is a pressing problem for IT administrators as it involves possibility of security breaches and improper Active Directory audit. Third party AD management tools provide a vast range of features that help cope with the problem of Active Directory delegation, thus greatly reduce administrative misfortunes and headaches.

Experienced IT enthusiast.

Active Directory delegation

Article source: https://articlebiz.com
This article has been viewed 1,999 times.

Rate article

Article comments

There are no posted comments.

Related articles