Active Directory Management

Ensim Active Directory Manager provides provisioning and operations management automation, policy control, and orchestration of administrative, operational and self-service activities for Microsoft AD.  Features include automated and template based organization and user account creation and deletion, quota management, fine grain entitlement management, resource management with definable provisioning business logic to assign users and organizations to the selected OU and Exchange server, user self service and IT management via role-based delegated administration portals, granular access control, security and compliance policy enforcement, and an audit trail of all activities.  Ensim enables complete automation and control of the entire Active Directory environment for service providers, enterprises, MSPs, and Telco’s.

Ensim Active Directory Manager - Features & Benefits


Single/Multi-Tenant Provisioning for AD

Ensim AD Manager provides complete provisioning and management for Single and Multi-tenant AD setups with unique management capabilities for each via its simple and intuitive web portal.  Telco’s and Hosters can create various management levels for Organizations and Resellers while setting quota limits with automatic increments and monitoring.

Management for Dedicated and Hybrid AD Environments

AD Management tools from Ensim are the solution of choice for managing dedicated AD environments as well as hybrid AD environments such as those managed by MSPs or Cloud Service Providers from a single installation. 

Provisioning and De-Provisioning Automation

Problem: Manual Provisioning/De-provisioning is time consuming and prone to inaccuracies and errors.  With users requiring access across many systems, manually provisioning a user into these systems is not efficient anymore.  Service Configurations constantly change or have to be modified.  Re-provisioning user accounts manually is inefficient and cumbersome as well.  Junior Administrators or Non-Administrators may not know the exact name of the resource resulting in users having services such as Email/IM account provisioned incorrectly.

Solution: AD Manager provides complete automation for provisioning a single user across multiple applications such as AD, Exchange, Lync etc. or when provisioning multiple users in bulk across one or more applications.  Granular changes in IT policies /service configurations can be pushed out to the users  with a few clicks, thus making propagation of these changes easier and less error prone.  If a specific field or service option needs to be updated or a service removed from a large set of users, an IT Admin (or an authorized user) will just need to make the appropriate update to the template and then propagate this update to as many users as desired.  De-provisioning or moving user resources from one backend server to another can all be achieved using similar steps.  At the end of the process the system also provides a clean audit log of all the operations/updates that were committed.

Granular Role Based Management and Delegation

Problem: Delegating tasks to others involves granting them proper access to the managed resources without granting them too much or too little control.  Native tools are powerful and in the wrong hands cause a disaster or can be difficult to understand and use.

Solution: AD Manager features a fine grained yet intuitive role based access control system that allows IT Administrators to create specific controlled roles.  These roles can be set up to have limited access to certain locations in the AD tree, thus delegating accurate access to junior admins or non-administrators to perform AD management tasks.  Once such users are set up with appropriate roles, they can perform these tasks via a web portal and every action/operation executed by these users is logged and preserved for tracking and compliance.  HR personnel may be given a role that allows them to simply provision new users into the managed systems without requiring integral working knowledge of Active Directory or Exchange.  The help desk staff can be delegated access to manage certain user properties or to reset passwords for end users while an OU administrator can be given full administrative access to their managed OU without giving them rights to use native tools, making them efficient and productive while shielding Active Directory from accidental or malicious changes that can be detrimental to its state.

Provisioning Templates

Problem: In a typical organization there is need to apply the exact same type of user information, service options, limits etc. in systems such as AD and MS Exchange.  Not having an automated solution for regulating services for users can easily make the system go out of control.

Solution: Ensim AD Manager offers to solve this problem by providing templates that can be used to control the service configurations for a single user or a large set of users in an automated manner.  By using these templates a large set of users can be brought under a known set of service configurations with just a few clicks.  AD Manager’s provisioning templates are flexible and highly configurable allowing IT Administrators to create department,location or rank based provisioning templates to automate and simplify the provisioning of users into one or more applications.  Any updates made to these templates can be propagated to the users thus making ongoing maintenance of these users easy.  Provisioning Templates also allow for efficient pooling of resources, ensuring that users are accurately provisioned on the correct resource automatically, even when the resource is across multiple servers or data stores.

Automated and Bulk User Provisioning

Problem: There are many scenarios which demand processing of data for a large set of users.  This can be either related to system migration/import of data from another application.  Having an IT resource to enter data into a form/UI for a large number of users can be error prone and wasteful.

Solution: Ensim AD Manager provides a completely automated mechanism of importing user data in bulk, for provisioning.  It also allows for propagation of changes to these user records in bulk.  This takes away the chances of error, enabling better use of IT resources and providing a complete history of the actions/updates committed to AD.

Multi-Forest/Multi-Domain Support

Ensim AD Manager can manage Single or Multi Forest and Multi Domain environments from a single web portal while ensuring separation of duties via its Role Based Access Control system.  This flexibility is great during M&A activities when companies merge and may need an additional management domains to be created to include new employees and their resources.

User and Group Entitlement

Problem: Distribution Lists/Groups and Security Groups are very important objects in AD that are actively used by a large set of users in an organization.  There is a constant need to create/retire/update groups.  The changes may be as simple as adding a user to the recipient member list or changing other information about the group such as updating its description or administrator list etc.  Managingthese changes without automation can cause a lot of time and resources to be wasted trying to complete mundane repetitive group related tasks.

Solution: Ensim AD Manager in unison with the Ensim Exchange Connector can provide a comprehensive solution to manage groups in an organization.  These features enable robust group management and allow end users to do a varied set of group management tasks without making any erroneous changes to groups.

Intuitive Web Based Management Portal

The Ensim AD Manager Web Portal is intuitive and easy to use. Junior or Senior Administrators can benefit from the flexibility it offers when managing AD objects, Exchange resources and for user provisioning.  AD Manager does not require any client installation so it can be accessed from any supported web browser for performing AD management tasks. 

Personalized Self Service User Portal for Account and Password Management

The Ensim Web Portal is highly personalized for each user based on their roles. This ensures that only features that are available to these end users, based on their roles are visible in the UI, making it simple and straightforward for end users who are not familiar with the portal to view or update information for which they have appropriate authorization.  End users can perform Self-service Account management such as Phone number and address management, outlook configuration or any other tasks including password resets or account unlocks from the highly intuitive Ensim Web Portal, reducing help desk call volume and increasing user productivity and efficiency.  The web portal can be personalized and branded with a company logo and banner or it can be integrated into a corporation’s existing portal for simplicity and automation.

Self Service Password Reset and Account Unlock

User password resets or account unlocks are very typical requests that cause helpdesk call volumes to rise.  These operations can be offered as self-service actions by using the Ensim Web Portal.  This ensures that authorized users do not waste time attempting to resolve password related issues by calling the help desk or waiting to get their ticket resolved.  Password Manager is included with AD Manager.  For additional information, please see Ensim Password Manager.

Complete User, Group, OU and Computer Management

Ensim AD Manager is a complete solution for User, Group, OU and Computer Management where delegation of administration, security, audit and compliance are on top of the list.  AD Manager also supports management of additional AD attributes that are present in the AD schema.  This allows administrators to bring in new attributes into the management umbrella and effectively control the data that resides in these attributes in AD.  For more information and additional features for managing Groups, please see Ensim Group Manager.

Approval Workflow and Notifications

IT Administrators or Managers may want to enforce certain approval policies to prevent inaccurate or unauthorized users or groups from being created or certain users and groups from being accidentally deleted by delegated administrators, group owners or junior members of IT and help desk teams.  Ensim AD Manager provides a granular approval workflow system so IT Admins can create policies that are automatically enforced when users or groups are created, deleted, modified, subscribed, or when group membership changes.  Also, notifications can be sent to; the requesting employee’s manager, a group of approvers, or the IT Administrator, who can review the request and approve or deny.  Once approved the action will be automatically processed and logged with Ensim’s central auditing system.  If denied the requester is notified accordingly.  Notifications can also be used just to inform interested parties of the opt-in / opt-out, or request action.  This process is faster, more efficient, and allows the helpdesk to focus on higher priority tasks while ensuring that users and groups are being created correctly and accurately.

Detailed Logging for Audit and Compliance

AD Manager audits every action providing a detailed log of Who, What, When and Where, providing vital information when needed.  AD Manager offers the flexibility and simplicity desired from a management portal while auditing every action and storing it securely for compliance.  This enables IT administrators to delegate basic user management tasks or complete OU level Administration to others without worrying about accountability on every action performed.

Email and SMS Notification for Monitoring

Every action performed in the Ensim AD Manager is logged for audit and reporting purposes.  When configured, information about every action, logged in the system, can be sent to a user(s) via Email or SMS notification.  The format for these notifications can be customized, to suit the needs of the Email/SMS report for a specific action.

Recycle Bin for Recovering Accidentally Deleted Objects

Accidents happen, but when they do, having a plan to quickly recover and get back to normal is efficiency.  Whether objects were deleted accidentally or deliberately, AD Manager’s recycle bin will prove to be a life saver by quickly restoring the deleted items back to their original state in a matter of seconds.  When user accounts get accidentally deleted, creating a new account is time consuming and painful. Often, user accounts get deleted before their termination date making it impossible to recreate the account or restore from backup.  AD Manager can quickly restore such deletions made via its management portal saving time and money.  Objects in the recycle bin can be automatically purged based on a configurable schedule but Administrators can mark certain objects for non-deletion or place them on hold in case of legal issues and such.

Support for failover and DR installation requirements

AD Manager can be installed in small, mid-size and large enterprises or MSP managed datacenters requiring support for failover or for Disaster Recovery planning by supporting multiple configuration scenarios including Hot-standby, Active-Active or Active-Passive.  Ensim also offers planning and training sessions for customers requesting additional design support and assistance.

Non-Intrusive Deployment (No AD Schema Changes)

Problem: Many AD management tools require schema changes to the Active Directory, something that is not favorable by most IT departments.  Such tools are intrusive and can cause potentially harmful problems or corruption of AD.  They embed themselves into the Active Directory, and thus have the ability to cause schema object or attribute conflicts leaving AD in an unstable state.

Solution: AD Manager is a totally non-intrusive application that makes no schema changes to the Active Directory.  Because of its simple and non-intrusive installation and deployment, AD Manager can be installed in under an hour without requiring special authorizations from IT management.  The Ensim solution is web based and does not interfere with any other MMC plug-ins or the AD schema making it a truly versatile and desirable AD management solution.

Quick and Easy Installation

The Ensim Application Suite can be installed and configured in under an hour without requiring professional services.  Companies can gain an immediate ROI as well as meet security and compliance requirements.  The Quick Start guide assists the administrator in configuring the required parameters and the embedded help files in the web portal as well as detailed context relational on-line help files, guide administrators along the way.