Lead Image © Vlad Kochelaevskiy, 123RF.com

An Active Directory management solution for everyone

Directory Outgroup

Article from ADMIN 47/2018
Large and distributed enterprises that use Active Directory will find ADManager Plus easy to use, adaptable, and appropriate for non-IT users.

User and device management with Active Directory (AD) is probably one of the primary tasks of IT in most companies. From time to time, IT people try to involve other departments in AD management, but this typically fails because of the complexity of the task and the technical nature of the data. ADManager Plus offers another way.

Interactions between IT and other departments could be better organized in many companies. Even in large enterprises, a user account often will not be set up in time when a new employee is hired. The use of existing data sources often means double entry of user data: The Human Resources (HR) department likely has an employee management system, the telephone control software has its own data source, and a time recording system, if in place, also has its own databases.

After creating user accounts and assigning them to organizational units or group memberships, how can an administrator make the input options of the Microsoft Management Console (MMC) Active Directory Users and Computers available to the HR department, for example, without HR changing other parameters in AD? Microsoft does not envisage a granular structure for access authorizations. Although the Windows Server 2016 Essentials Dashboard simplifies the procedure, these features are not available in larger organizations.

How ADManager Plus Works

ADManager Plus 6.6, from ManageEngine (Zoho Corporation's IT management division), lets administrators manage and maintain the company's own AD (Figure 1). Instead of the typical MMC consoles, the software offers a web-based interface that supports highly granular role-based assignment of permissions. Resetting passwords, unlocking users, user creation, and group assignments are typical tasks that ADManager offers in the browser.

ADManager Plus 6.6

Product: Software for AD management.

Manufacturer: ManageEngine (https://www.manageengine.com/)

Price: The price of the Standard Edition software starts at around $500 per year in a version for one domain and two help desk employees; with 20 help desk employees, it costs around $2,800. Prices in other currencies are available on request. The "Free Edition" for managing a maximum of 100 AD objects in a single domain is free of charge. Without license information, the standard/professional version automatically becomes a free edition after 30 days of testing.

System Requirements: Microsoft Windows 2000 and newer. A browser is required for use: IE 8 or higher, Mozilla Firefox 3 and higher; Google Chrome and Microsoft Edge are also supported. A minimum resolution of 1024x768 is required for smooth operation. Single-core CPU 1.0GHz and higher, 1GB of RAM, and at least 2GB of free hard drive space. The web service requires a free port address, 8080 by default, for access.

Technical Specifications: Datasheet available online [1].

Figure 1: The ADManager Plus dashboard shows the most important parameters at a glance.

In addition to precisely controlling authorizations, the solution supports bulk operations that would otherwise only be possible with scripted jobs (e.g., importing user data from CSV files with automatic creation and configuration of group memberships). Integrated reporting provides IT managers the basis for compliance checks in their own environments and for monitoring the most important settings and attribute definitions in AD. The most exciting function, however, is the ability to delegate routine administrative tasks, such as creating new user accounts, to technical or administrative staff.
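For comparison, the kind of scripted job that such a bulk import replaces looks roughly like this in PowerShell. This is an added example, not code from the article or from ManageEngine; it uses Microsoft's ActiveDirectory module, and the OU, UPN suffix, group names, and CSV rows are constructed. It goes one step beyond the text by checking each row against a group allowlist before anything is written to the directory.

```powershell
# Added example, not ManageEngine code. OU, domain and group names are constructed.
$Commit    = $false                          # $true writes to AD (needs the RSAT ActiveDirectory module)
$TargetOU  = 'OU=Staff,DC=example,DC=test'
$UpnSuffix = 'example.test'
$Allowed   = 'Sales', 'HR-Readers'           # the only groups this job may assign

# Constructed sample input; a real job would read the file with Import-Csv
$rows = @'
GivenName,Surname,SamAccountName,Groups
Ana,Lopez,alopez,Sales
Ben,Okoro,bokoro,Sales;HR-Readers
Cy,Marsh,cmarsh,Domain Admins
Di,Novak,d novak,Sales
'@ | ConvertFrom-Csv

if ($Commit) { Import-Module ActiveDirectory -ErrorAction Stop }

foreach ($row in $rows) {
    $sam    = $row.SamAccountName
    $groups = @($row.Groups -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $denied = @($groups | Where-Object { $_ -notin $Allowed })

    # Validate before touching the directory: name format and group allowlist.
    if ($sam -notmatch '^[a-z0-9._-]{1,20}$') {
        Write-Warning "Skipped '$sam': invalid sAMAccountName"; continue
    }
    if ($denied.Count -gt 0) {
        Write-Warning "Skipped '$sam': group not allowed ($($denied -join ', '))"; continue
    }
    if (-not $Commit) {
        "DRY RUN: would create $sam in $TargetOU, groups: $($groups -join ', ')"; continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipped '$sam': account already exists"; continue
    }

    # No password is set here, so the account stays disabled until the
    # help desk assigns one during onboarding.
    New-ADUser -Name "$($row.GivenName) $($row.Surname)" -GivenName $row.GivenName `
        -Surname $row.Surname -SamAccountName $sam `
        -UserPrincipalName ('{0}@{1}' -f $sam, $UpnSuffix) -Path $TargetOU -Enabled $false
    foreach ($g in $groups) { Add-ADGroupMember -Identity $g -Members $sam }
}
```

With `$Commit` left at `$false`, the script needs no domain: it lists two planned accounts and warns about the row that requests Domain Admins and the row with an invalid account name.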

Recent Enhancements

Customers and users of ADManager will be familiar with frequent functional enhancements, some of which the manufacturer launches in monthly cycles. In late summer 2017, the developers extended the software in version 6.583 to include the REST API, which allows third-party vendors to access ADManager Plus functions (e.g., for help desk tools). You can use the API calls to create users, release a lock, activate or deactivate accounts, delete accounts, and reset passwords.

In the same month, version 6.590 was released with the technology to create, modify, and delete Group Policy objects without the user having to use Microsoft's MMC or PowerShell on-board resources. Less than eight weeks later, version 6.6 added the ability to control Office 365 users and support screen dialogs in the Turkish language.

Ready for Use

The developers have made installing the software quite easy: On any Windows computer, a user with admin rights starts the installer, which comes in at just under 70MB. If the current computer is in a domain and the logged-in user has domain admin rights, all you have to do is answer a question about the installation location and the port address for the web service.

The almost minimalistic system requirements (1GHz CPU, 1GB of RAM, and 2GB of hard drive space) could almost make you suspicious. (See the "ADManager Plus 6.6" box.) A small module for the integrated PostgreSQL database is installed with the program; in terms of software resources, IT staff only have to take care of Java.

The use of the software does not create any explicit dependencies for AD. If ADManager is not available, the administrator can use the typical MMC snap-ins for administration at any time. Only the settings required for configuration and user management are stored in the database by ADManager.

For our test, we downloaded the software from a third-party website. Unfortunately, the installation package was not completely up to date, so we had to install some updates after the basic installation. To do so, the admin stops all the services and the database from a script job. Thanks to good product documentation, all of these steps are very simple.

For the test, we installed the package on a virtualized Windows 10 in a Windows 2016 domain. In previous tests, we set up trial versions on Windows Server 2008 R2 and Server 2012 R2 – without any problems in all cases. After installation, all employees can work with ADManager in the browser. Here, too, we did not encounter any problems in the course of our tests, regardless of which browser we used or on which platform.

The installation as a domain administrator means that the program can immediately access AD. In addition to AD user management, the software works with its own accounts from the database. The first user thus starts off with a predefined administrative account and a standard password. It would make more sense if the solution insisted that you immediately change the password, but this is not the case. In the basic configuration, ADManager initially uses HTTP; we converted to a more secure HTTPS connection in our lab with just a few mouse clicks. The software warns you that an unencrypted HTTP connection allows the password to be read out.

The administrative account allows the use of many, but not all, functions. Some tasks result in an authentication error, because a user with a password for further actions in the domain must first be defined in the Admin tab. Although the error messages point this out, we missed having a typical initial configuration wizard that guides newcomers through the software.
