Active Directory Compliance Manager

Activate Active Directory Compliance Manager allows the enforcement of complex compliance rules with Active Directory (AD). This allows advanced policies to be implemented and remediation actions to be performed automatically when changes occur within Active Directory. Real-time compliance means that Policy Managers and Auditors can ensure that sensitive information is protected while minimizing impact on operational systems.

Active Directory is the backbone of access control within most corporate environments. It controls access to sensitive information stored in the file system, email system and a multitude of external systems such as SharePoint, Email and other Line of Business applications such as SAP, etc. It is increasingly important that policy controls are enforcedĀ  for user access to these business applications and to monitor and enforce compliance across systems.
The Activate Active Directory Compliance Manager monitors all changes in Active Directory and enforces policy and provides event management for changes. These changes can be initiated manually by the service desk or automatically by other systems

Activate AD Compliance Manager has two major components, one allows the online management of groups. The other real-time monitoring of Active Directory changes and enforcement of compliance.

Features

Browse AD Groups

Activate generally manages AD groups based on the rights they grant. For example, software (via Services Manager), folder access (via Folder Manager), however, some groups fall outside of this. For example, 'Domain Admins' or other system groups. AD Compliance Manager allows these groups to be managed online via Activate.

Online Group Management

Service Desk and Administrators can search and update groups as required. Activate's comprehensive role based security system controls in a granular fashion which users can perform which actions on specific groups.

Compliance and Auditing

Unlike actions performed directly in Active Directory, all actions in Activate are tracked and audited. This improves security and reduces compliance costs.

Templated Group Creation

Enforce corporate policies for group creation, by having templates for the different group types. The system can enforce naming standards, specific OU's and can also automatically create sets of groups. For example, Dev, QA and Production groups in a single step.

Automatic Classification of AD Groups

Activate automatically classifies AD groups based on their usage. For example, groups linked to an Active Service, Distribution List, Folder or Sharepoint access are automatically moved and classified. Users including Administrators must use the appropriate Activate Module and process to manage the group, rather than just adding and removing members. This ensures that all appropriate business rules and processes are followed.

AD Policy and Monitoring

Activate monitors all changes to Active Directory in near real time. Any changes that are made outside of Activate can trigger a workflow and policy. For example, the 'Domain Admins' group is moved to the 'Protected' policy node in Activate. This means that any users added to the group outside of approved rules in Activate will be automatically removed and a Security Group Manager role notified of the violation.