AD Administration and Content Management

Migrate data without wasting time or compromising security

Editor's Note: The Buyer's Guide summarizes vendor-submitted information. To find out about future Buyer's Guide topics or to learn how to include your product in an upcoming Buyer's Guide, go to To view previous Buyer's Guides on the Web, go to

As you move to Active Directory (AD), you want to make sure that the data you put into your directory is as complete, consistent, and accurate as possible. You also want to accomplish the migration without creating an excessive burden on administrators or compromising security. The products in this issue's Buyer's Guide can help improve administrative productivity in an AD environment and help you manage security and enforce policies related to directory content. Overall, these solutions can decrease AD's total cost of ownership (TCO) by leveraging its flexibility and granular control while abstracting the details of the directory schema into logical, manageable descriptions.

The listed solutions help you populate and manage your enterprise directory. You can also use these products to ensure consistent content throughout the directory and reduce the time you spend adding accounts and entering data. For example, these tools can help you automate the process of creating user accounts. The automated process might intelligently populate AD with group membership and email account information and create each new user's home directory. You can go to each vendor's Web site and look at a product's feature list to determine what type of tasks the product facilitates and the degree to which you can automate those tasks.

For small organizations in which one or more administrators share administrative duties, any of the listed applications will work. In more complex environments in which different administrative responsibilities are delegated to specific people for workload and security reasons, narrow your search to tools that offer enhanced delegation capabilities. Such offerings let you create roles and grant permissions specifically for accomplishing a given task. This approach gives granular control of privileges while maintaining ease of administration.

If your organization delegates different administrators to manage different portions of the directory, look at the more robust products that can use rules-based workflow to streamline processes. The workflow component lets you assign administrative tasks based on business logic, then coordinate the sequence in which various administrators perform delegated tasks. If your organization uses this type of delegation mode, think about the interfaces that the delegates will use to accomplish their assigned tasks. The distributable nature of Microsoft Management Console (MMC) snap-ins makes an MMC interface attractive. However, a Web-based interface also makes a lot of sense, and some of the larger products provide one. Some products even support email forms­based interfaces to enhance workflow capabilities.

Many of these AD management tools provide some support for Windows NT. If you're an administrator in a multidirectory enterprise, look for and evaluate the benefits of products that enable single-point management across different vendors' directory platforms while maintaining required security.

You'll probably want to be sure the product you choose contains the features you need without a lot of nonessential features. Capabilities such as reporting, browsing, searching, synchronization, and editing directory contents; Group Policy Object (GPO) management tools; operation logging or auditing; and service management tools might be mandatory in some environments yet useless in others. Investigate how a product's overall feature set will help you accomplish your directory implementation and management goals. You should also acknowledge the expense of training administrators to use elaborate solutions, then purchase accordingly.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.