Quest ActiveRoles Server
ActiveRoles Server can help you manage, automatically provision, re-provision and, more importantly, de-provision users quickly, efficiently and securely in Active Directory, AD LDS (formerly ADAM) and beyond. ActiveRoles Server provides strictly enforced role-based security, automated group management, change approval and easy-to-use Web interfaces for self service to achieve practical user and group lifecycle management for the Windows enterprise.
Businesses today grow and change at a frantic pace, making Active Directory (AD) management one of the most time-consuming IT tasks. AD administrators struggle to keep up with requests to create, change or remove user access to various network resources. With the advent of compliance regulations like the Sarbanes-Oxley Act (SOX), and the intense scrutiny they place on access to business-sensitive applications, organizations can no longer rely on numerous manual provisioning processes to maintain compliance.
Add to that the need to tightly delegate control of AD among various administrative groups, provide self-service capabilities to users to lighten the IT burden and involve key people in IT processes through change approval, it's no wonder that today's AD administrators need help.
Tight Security with Role-Based Administration for AD and AD LDS
ActiveRoles Server offers flexible, granular access controls with role based delegation to ensure that every administrative action taken is consistent with your organization's security standards. You can audit role definitions, assignments and permission entries in Active Directory—all from the ActiveRoles Server console. Enterprise-wide review of access rights is as simple as running one of the pre-built reports that ship with ActiveRoles Server.
ActiveRoles Server's unique architecture creates a security boundary around Active Directory, so you can reliably manage AD access rights and guard sensitive information. This is the only way to guarantee compliance with security policies.
Speed User Provisioning with AutoProvision™ Policies
ActiveRoles Server automates user provisioning tasks to reduce your administrative workload and get new users up and running faster. Reprovisioning and deprovisioning is automated as well, so when a user's access needs to be changed or removed, updates in Active Directory, Exchange and Windows are made automatically, thereby reducing administrative workloads and making users more productive faster!
Automation of User Provisioning
With the addition of ActiveRoles Quick Connect (optional add-on application to ActiveRoles Server), ActiveRoles Server provides integration with data sources such as HR and ERP systems or Microsoft's Identity Lifecycle Manager 2007 (formerly known as MIIS) so that AD and other resources can be updated automatically, streamlining data entry. Data entered into one system is automatically reflected in AD, eliminating costly data entry errors and duplication of effort, and saving valuable time.
Lower Administrative Costs with User Self Service
With the simple assignment of self-service roles, end users can carry out administrative tasks, such as modifying their Microsoft Exchange contact information, through a simple to use self-service Web interface. Due to the reliable enforcement of business roles and rules, ActiveRoles Server makes self-administration safe and secure, while allowing IT to manage (but not necessarily participate in) these time-consuming tasks.
Centralized Reporting for All Administrative Operations
Centralized audit logs on all directory-related actions show who performed what actions and who tried to perform actions that were not permitted. By logging all actions in a centralized fashion, ActiveRoles Server allows administrators to quickly identify, troubleshoot and investigate issues, saving time and increasing administrative efficiency.
Involve Decision-Makers in Key IT Processes
By providing policy-based approval workflow, ActiveRoles Server decreases errors and inconsistencies in the processes of directory data management, including provisioning and de-provisioning. Robust approval procedures allow an IT process and oversight to be established and aligned with business requirements, putting efficient responsibility chains to complement the automated management of directory data in place.
Protect Critical Data with Business Policies
By strictly enforcing operating policies and eliminating unregulated access to sensitive resources, ActiveRoles Server ensures the security of your business-critical data. In addition, ActiveRoles Server enables the integration of business processes and provides a detailed audit trail of all directory-related changes. This level of control and security is a must for legal or regulatory compliance initiatives.
- Administer and Provision More with One Console
- AD and ADAM/AD LDS - ActiveRoles Server provides side-by-side management of both AD and AD LDS creating a single point of administration, delegation, policy enforcement and change control for all Microsoft Directory Services. ADAM was recently renamed by Microsoft to Active Directory Lightweight Directory Services (AD LDS).
- Entitlement Access - Manage entitlement access including Exchange, network resources and JAVA applications. ActiveRoles Server can also manage key user assets, including AD accounts, Exchange mailboxes and home directories. It provides a practical approach for managing the entire user lifecycle including assignment of user entitlements. Once an AD account is provisioned, access to directory-enabled applications can be granted automatically. For example, the AutoProvision Policy for Group Membership allows you automate the assignment of entitlements, such as network resources or Java Applications through Quest's Vintela Single Sign-on for Java.
- Unix/Linux Users and Groups – ActiveRoles Server extends management control to Unix and Linux identities, including users, groups and computers, through Vintela Authentication Services. Query-based management views show all of the enabled identities and business rules ensure and enforce unique user identification and group identification.
ActiveRoles Server is an Extensible Solution
With ActiveRoles Server you can customize and extend provisioning, management, security and automation through ADSI scripts or PowerShell. Both scripts and PowerShell commands are subject to the same roles and policies as day-to-day administrative users so you can be confident that they will be executed properly, by the correct people, and trigged by events you define. In addition to scripting and PowerShell support, several optional add-on applications (listed below) can be added to ActiveRoles Server to provide for advanced management capabilities.