Active Directory Compliance Manager
Activate Active Directory Compliance Manager allows the enforcement of complex compliance rules with Active Directory (AD). This allows advanced policies to be implemented and remediation actions to be performed automatically when changes occur within Active Directory. Real-time compliance means that Policy Managers and Auditors can ensure that sensitive information is protected while minimizing impact on operational systems.
Activate AD Compliance Manager has two major components, one allows the online management of groups. The other real-time monitoring of Active Directory changes and enforcement of compliance.
Browse AD Groups
Activate generally manages AD groups based on the rights they grant. For example, software (via Services Manager), folder access (via Folder Manager), however, some groups fall outside of this. For example, 'Domain Admins' or other system groups. AD Compliance Manager allows these groups to be managed online via Activate.
Online Group Management
Service Desk and Administrators can search and update groups as required. Activate's comprehensive role based security system controls in a granular fashion which users can perform which actions on specific groups.
Compliance and Auditing
Unlike actions performed directly in Active Directory, all actions in Activate are tracked and audited. This improves security and reduces compliance costs.
Templated Group Creation
Enforce corporate policies for group creation, by having templates for the different group types. The system can enforce naming standards, specific OU's and can also automatically create sets of groups. For example, Dev, QA and Production groups in a single step.
Automatic Classification of AD Groups
Activate automatically classifies AD groups based on their usage. For example, groups linked to an Active Service, Distribution List, Folder or Sharepoint access are automatically moved and classified. Users including Administrators must use the appropriate Activate Module and process to manage the group, rather than just adding and removing members. This ensures that all appropriate business rules and processes are followed.
AD Policy and Monitoring
Activate monitors all changes to Active Directory in near real time. Any changes that are made outside of Activate can trigger a workflow and policy. For example, the 'Domain Admins' group is moved to the 'Protected' policy node in Activate. This means that any users added to the group outside of approved rules in Activate will be automatically removed and a Security Group Manager role notified of the violation.