Serving the Exchange & Active Directory market since 1997, Imanami's 500+ customers give a great view of who is using AD for what. That's what we blog about.
.
Current Articles | RSS Feed
Imanami's GroupID has a simple yet effective method for AD group self service. We allow the group owner or Admin four choices for group security:
When you open group membership for self service, the owner(s) assign the security level for the group. When another user chooses to join the group, the security setting will kick in and either not let them in (private), create a workflow (semi-private), create a notification (semi-public) or allow them to join (public).
By having multiple owners of a group, it makes the workflow process painless and users don't have to wait long to get into the group. It really works well.
But, we went one step farther, an Admin can set those security levels on users attempting to leave the group as well. Why would you want to do that? Consider the security group for users on HR probation. It is probably a group that nobody wants to opt into but most on it will want to opt out. Especially if you are using that group to lock down downloading privileges to keep soon to be fired employees from stealing data. If you set it up right, it's like the roach motel, they can check in but cannot check out.
In our recent survey on AD group management, we found that 60% of organizations are leaving group management up to manual processes. While we agree that managing AD groups isn't always the most strategic use of your valuable IT time, if you abandon the manual and choose to automate and delegate, you can solve a lot of security and productivity issues with these Active Directory groups.
Allowed tags: <a> link, <b> bold, <i> italics