The “Other” 5 Things You Need to Care About in Active Directory


Published on

The chances are that you spend your days working with just one aspect of Active Directory. There are another five areas that need your attention so that you can ensure that your Active Directory is working perfectly. Join us to learn about the other 5 areas of Active Directory management that you really should care about.

In this webinar, we will cover 6 areas of Active Directory management:

1. Auditing
2. Security
3. GPO's
4. Accounts
5. Recovery
6. Health

Join Concentrated Technology’s Greg Shields and ScriptLogic’s Nick Cavalancia as they compare free tips and tools for managing Active Directory to ScriptLogic’s Active Administrator solution.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Assess, Assign, Audit is a security lifecycle:You first assess the current state of securityMake changes based on the assessmentAudit the usage of AD to ensure the changes are correctIf you see something out of whack – what would you do? Reassess, reassign, reaudit.
  • The “Other” 5 Things You Need to Care About in Active Directory

    1. 1. The “Other” 5 Things You Should Care About in AD Dial In: +1 (213) 289-0020 Access Code: 400-839-152 Or use your computer speakers Greg Shields, MVP Nick CavalanciaPartner and Principal Technologist VP, Windows ScriptLogic
    2. 2. About the Speakers Greg Shields Greg is a Senior Partner and Principal Technologist with Concentrated Technology. He is a Contributing Editor for TechNet Magazine and Redmond Magazine, and a Series Editor for Realtime Publishers. Greg is a sought-after and top- ranked speaker, seen regularly at conferences like TechMentor, Tech Ed, VMworld, and more. He is a multiple recipient of Microsoft "Most Valuable Professional" award with has received VMwares vExpert award. Nick Cavalancia Nick Cavalancia, MCSE/MCT/MCNE/MCNI, is ScriptLogic’s VP of Windows Management where he assists in driving innovation and the evangelism of ScriptLogic solutions. He has over 17 years of enterprise IT experience and is an accomplished consultant, trainer, speaker, columnist and author. He has authored, co-authored and contributed to over a dozen books on Windows, Active Directory, Exchange and other Microsoft technologies.
    3. 3. About ScriptLogic• Founded in 2000• Focus on 4 key areas: • Desktop Management • Help Desk Management • Active Directory Management • Server Management• Customer Base • 30,800+ customers worldwide • From SMB to Fortune 100• Headquartered in Boca Raton, Florida• Subsidiary of Quest Software since 2007
    4. 4. Daily AD Management• It’s not just creating users and resetting passwords• There are six areas of AD management • Security • Accounts • Auditing • Recovery • Group Policies • Health• Let’s look at what’s free and what ScriptLogic offers
    5. 5. Active Administrator• The single solution for AD management • Secure • Audit • Manage • Maintain • Prevent
    6. 6. Focus 1: Security• Implementing security isn’t enough • Everyone’s creating groups, assigning rights, etc. • The establishing of a security standard alone isn’t enough. • You need a process that follows the security lifecycle to ensure AD is locked down properly• Assess, Assign, Audit… repeat
    7. 7. Security– What’s Free?• Plenty of power in PowerShell• Free AD cmdlets from Quest Software • Get-QADPermission • Add-QADPermission • Remove-QADPermission • And more!
    8. 8. What else is Free?• Native Tools • Nothing for Searching • Delegation Wizard
    9. 9. Security - What’s Lacking?• Requires potentially complex scripting• Minimal management granularity• No documenting what’s in place
    10. 10. What Does ScriptLogic Offer?• Security-Centric Interface• Simplified Security Assessment• Consistent Permissions Delegation• Automated Delegation Enforcement DEMO!
    11. 11. Focus 2: Auditing• It’s one thing to know who has rights• It’s something entirely different to know • What they’re doing with those rights • What was changed • What the change value is
    12. 12. Auditing – What’s Free?• Native Windows Auditing • Enable • Configure • Per-Server • Find the Needle!
    13. 13. Native Auditing – What’s Lacking?• Decentralized• Involved searches• No reporting
    14. 14. What Does ScriptLogic Offer?• Centralized, Automated, Simplified • Auditing • Alerting • Actions DEMO!
    15. 15. Focus 3: Group Policies• GPO management is a balanced mix of security, settings and strategy • There are over 3000 Group Policies with the release of Windows 7 • “With great power comes great responsibility” • Complex mix of layered policies requires some attention to ensure the proper outcome for the user
    16. 16. GPOs – What’s Free?• GPMC of course • Delegation • Management • Basic Modeling • Result Reporting• Worth mentioning - AGPM with MDOP
    17. 17. GPOs – What’s Lacking?• Ability to make changes without impacting production• Quickly fixing changes that impact production
    18. 18. What Does ScriptLogic Offer?• GPO History• Offline Editing• Advanced GPO Modeling DEMO!
    19. 19. Focus 4: Accounts• Let’s look beyond managing users & groups• What about… • Password Policies that impact users? • Inactive Accounts? • Expired Passwords?
    20. 20. Accounts – What’s Free?• Inactive Accounts – ADUC• Password Policies – ADUC• Expired Passwords – PowerShell get-aduser -filter {Enabled -eq $True} -properties passwordExpired | where {$_.passwordExpired}
    21. 21. Accounts – What’s Lacking?• Inactive Accounts • Reporting • Automation• Implementing Password Policies are not easy, at best• Expired Passwords • Actions
    22. 22. What Does ScriptLogic Offer?• Simplified Password Policies• Inactive Account Management• Proactive Password Reminders DEMO!
    23. 23. Focus 5: Recovery• It’s bound to happen • You’re going to accidentally delete an object that needs to be restored • You need to revert to an older version of an object
    24. 24. Recovery – What’s Free?• DSRM• AD Recycle Bin (2003R2) • Simple Example: Single ObjectGet-ADObject -filter {displayName -eq DonJ} -IncludeDeletedObjects | Restore-ADObject• More complex recoveries may involve • Determining the original location of the object(s) • Restoring the OU • Restoring the objects • Resetting Passwords • Etc.
    25. 25. Recovery – What’s Lacking?• Automation• Simplified searches and selection• Recovery granularity • Attributes • Security
    26. 26. What Does ScriptLogic Offer?• Recovery of • Objects • Attributes • Security • Group Policies• Done Online, in real-time without DSRM! DEMO!
    27. 27. Focus 6: Health• Recognizing the “health” of AD is not immediately obvious • Are your DCs replicating? • If not, what is the cause of the problem? • How are you being notified of problems?
    28. 28. Health – What’s Free?• Command-Line Tools • Repadmin • DCDiag• PowerShell • Possible but way too complex
    29. 29. Health – What’s Lacking?• Analysis• Reporting
    30. 30. What Does ScriptLogic Offer?• Replication Analysis• Error Detail• Reporting • Health • Configuration DEMO!
    31. 31. Summary• 6 Areas of AD Management to Focus On • Security • Accounts • Auditing • Recovery • Group Policies • Health• Plenty of function in Free Tools• Active Administrator centralizes, automates and simplifies these tasks.
    32. 32. Resources• Active Administrator • 30-day Evaluation • Walkthrough Tour• Greg Shields
    33. 33. “SMB IT Simplified” • Real-world articles • Industry experts • Vendor-agnosticConnect with us
    34. 34. Questions?
    35. 35. iPad Winner!