Active Directory Security and Active Directory Delegation play a mission-critical role in global security and present an open challenge. A good Active Directory Audit Tool / Active Directory Reporting Tool / Active Directory Auditing Tool / Permissions Analyzer for Active Directory can help Audit Active Directory, generate Active Directory Reports and mitigate Active Directory Risks such as Active Directory Privilege Escalation, and find out who can reset your windows password. Today, even the US Department of Homeland Security runs on Active Directory.Today, tools like the Active Directory Effective Permissions Tab and Active Directory Permissions Analyzer can be used to perform Active Directory Permissions Analysis, prevent Token Bloat, Dump Active Directory ACLs, perform an Active Directory Audit and an Active Directory Access Audit.
Wednesday, June 30, 2010
What is the Active Directory Administrative Center?
It comes standard with Windows Server 2008 R2 and it can be used to perform common Active Directory object management tasks through both data-driven navigation and task-oriented navigation. It is meant to be the replacement of Active Directory Users and Computer (ADU&C) Snap-In and it certainly offers an enhanced management experience for IT administrators.
It can be used to manage domain user and computer accounts, domain security groups and of course Organizational Units and containers. It can also be used to filter data by using query-building search.
One of the key benefits of the Active Directory Administrative Center is that it can be used to manage objects across multiple domains, as long as they belong to the same Active Directory forest, or there exists a trust path between the local and the target domain.
One neat new feature of the Active Directory Administrative Center is the breadcrumb bar, which can be used to directly enter the location of a specific Active Directory object, so that you can directly navigate to that object.
Another neat feature is that it can be used to query the Active Directory based on richer criteria, such as the to find a list of locked user accounts. It however falls short in providing accurate information on last logons, as it does NOT query each DC, but instead relies on the approximation method which is based on the lastLogonTimeStamp attribute.
You can open the Active Directory Administrative Center is one of two ways - you can either click Start, then select Administrative Tools, then click on Active Directory Administrative Center, or you can click Start, then click Run, and then type dsac.exe.
It however can currently only run on running the Windows Server 2008 R2 operating system (and on Windows 7 clients using (RSAT)), and it cannot be used to manage Active Directory Lightweight Directory Services (AD LDS) instances and configuration sets.
It is not without its downsides however in that it cannot be used to generate pretty printed reports which might be needed for security audits and compliance reporting, as the best one can do is perhaps export to CSV.
Also, because under the hood Active Directory Administrative Center, It is powered by PowerShell, and so while it is certainly more powerful than the its predecessor, the Active Directory Users and Computer MMC Snap-In, it can be sluggish at time.
In summary, the Active Directory Administrative Center is the first major revision to the Active Directory data management tools since the initial release of Active Directory way back in 2000. It certainly offers numerous visual and capability enhancements, but is neither intended to and cannot replace the need for dedicated/advanced Active Directory based reporting solutions.
No comments:
Post a Comment