ManageEngine ADManager Plus Solution

Contents

1. Introduction
2. ADManager Plus: Under the hood
2.1 Modules
2.2 Access to product’s features
3. Management – Active Directory & MS Exchange
3.2 Highlights of management module
4. Reporting – Active Directory and MS Exchange
4.2 Highlights of reporting module
5. Active Directory Workflow
6. Active Directory Delegation
7. Active Directory Automation
8. Mobile (iPhone & Android) Apps
9. ADManager Plus Support

ADManager Plus Solution Document

1. Introduction

ManageEngine ADManager Plus is a web-based Active Directory management and reporting software. It is simple-to-use and user friendly. Besides its ability to manage both Active Directory and Exchange environments from the same console, it also offers:

- The ability to manage multiple accounts at one go
- Template and CSV-based provisioning, re-provisioning of accounts
- Built-in reporting module with 150 pre-defined schedulable reports
- Safe and smooth delegation of even complex Active Directory tasks to non-technical users
- Automation of Active Directory management and reporting tasks
- Dashboard that displays all the vital statistics of each domain (number of users, number of locked out users, etc.) in graphical format

This document provides:

- A simple diagrammatical representation of the anatomy of ADManager Plus.
- A short explanation about its working, without diving deep into the underlying implementation details.
- An introduction to each module of ADManager Plus along with its features and highlights.

2. ADManager Plus: Under the hood

ADManager Plus is an off-the-shelf web-based Active Directory management and reporting solution. It is based on the web application server-client framework and also includes a built-in database.

[Figure: ADManager Plus Overview]

Installing ADManager Plus is quite simple. You just download the product’s EXE from the website, run it and follow the instructions in the install shield. Based on your need, you can run ADManager Plus as a console application or as a service.

You can install ADManager Plus on any Windows machine that has a P4 – 1 GHz processor, 1 GB RAM and 2 GB disk space, and turn it into an ADManager Plus server. You can then access this server and its services via web browsers. For optimum efficiency, we recommend that you install it on Windows 2000/ 2003/ 2008/ 2008 R2/ 2012/ 7/ 8.

By default, ADManager Plus is installed as a console application. When installed as an application, it runs with the user’s privileges. When installed as a service, ADManager Plus runs with the privileges of the system account.

ADManager Plus’s Modules

ADManager Plus server offers several predefined functions and routines that solve your day-to-day Active Directory challenges. Based on their functionalities, these routines are grouped into four major modules, namely:

Management: Provisions, re-provisions and de-provisions Active Directory objects in bulk; also offers template and CSV-based Active Directory account management.

Reporting: Consists of 150 preconfigured, schedulable reports; many reports also come with the ability to re-provision/manage accounts.

Delegation: Foolproof delegation system that allows you to delegate even crucial tasks like account provisioning to non-technical users.

Automation: A scheduler exclusively for Active Directory tasks; allows you to schedule and execute Active Directory management tasks.

Further, ADManager Plus also offers a flexible workflow that introduces checkpoints to prevent unauthorized/harmful changes in Active Directory.

To perform any change/update in Active Directory, ADManager Plus must be provided with the relevant permissions. So, you have to supply it with an all-inclusive account to provide the privileges required to perform any management action.

When a user logs on to ADManager Plus server to perform any task, it first verifies the user’s credentials; it also checks if the user has the appropriate privileges in ADManager Plus to perform that task. Then, based on the task type, the appropriate module performs the required actions and completes the task. For example, if the task is user creation, the management module will create the user in Active Directory through its user creation features.

Communication Method

When you interact with the ADManager Plus server from a web browser (or a smartphone / mobile device), the communication happens via HTTP protocol. For enhanced security, there is also an option to enable HTTPS protocol.

All communication/interaction between ADManager Plus server and Active Directory happens via LDAP protocol.

Access to ADManager Plus’s Features

The product and its features can be accessed using two types of accounts – the default ADManager Plus accounts and the technician accounts (imported from Active Directory).

1. ADManager Plus’s built-in accounts: an admin, a helpdesk technician and an HR associate.

- Admin account: This is a super account which has unrestricted access to all the product’s modules and features including product configuration and administration.
- Helpdesk technician: This default helpdesk account comes with ‘reset password’ privilege/role. If needed, you can delegate more roles to this technician account.
- HR Associate: This account has the privilege to create new user accounts in Active Directory. This account can also be enriched as needed, by delegating more roles.

2. Technician Accounts: These are user accounts that you import into ADManager Plus from your Active Directory. Their access to the product’s modules and features can only be as wide and deep as you want them to be. By delegating the appropriate roles to them you can allow these accounts to perform only specific actions/tasks as required.

When technicians access ADManager Plus, they will be able to view/access only those modules and features delegated to them by the administrator.

Regardless of the account type, the permissions associated with all these accounts are totally product-specific. That is, all the permissions assigned to them have effect only in ADManager Plus and have no effect in Active Directory. The actual rights of users in Active Directory remain untouched.

3. Management Module – Active Directory and MS Exchange

ADManager Plus’s management module offers the ability to manage Active Directory and also multiple versions of Exchange Servers from just one single web-based console.

[Figure: ADManager Plus Active Directory and Exchange Management]

The management module contains the most frequently performed tasks like user creation, password reset, Exchange mailboxes creation, etc. as pre-defined actions. To perform any task, you just click on the required task and specify the accounts/objects that you wish to manage.

Moreover, ADManager Plus also helps you to manage multiple accounts in a single step through its bulk management actions. It also offers template and CSV-based management.

For all management actions, ADManager Plus makes the required changes/updates in the Active Directory. To keep track of the actions performed, it then records in its database the objects or accounts for which the management actions were performed, the changes/actions that were performed and also the new or updated values.

3.1 Highlights

Some of the salient features of ADManager Plus:

- One-step provisioning of user accounts with all the required settings including
  - Exchange mailboxes, Lync/LCS/OCS settings, and also
  - Appropriate group memberships and privileges.
- All-inclusive user provisioning and re-provisioning templates - to fine tune and standardize the account management process as per the organizational policies.
- Bulk management actions – manage multiple users, groups, computers and contact objects at one go, via CSV import.
- MS Exchange Server Management: Create, modify, migrate, delete Exchange Mailboxes for users, configure the Exchange limits, enable/disable OWA, OMA, Active Sync, etc. for multiple users at one go.
- File Server Permissions Management: Grant, modify, revoke NTFS and Share permissions of users and groups, in bulk.
- Automated AD management to auto-execute tasks/processes like user creation, user modification, AD cleanup, etc.

4. Active Directory Reporting

ADManager Plus’s reporting module offers 150 ‘out-of-the-box’ reports that fetch important information like inactive users, locked out users, distribution group members, compliance reports (SOX/HIPAA), etc. instantly.

These reports are organized into multiple categories like user reports, password-based reports, group reports, Exchange reports, etc. for easy retrieval of the required data.

[Figure: Active Directory Reports]

ADManager Plus reports also have built-in management options that enable you to execute management tasks right from the reports. For example, to unlock users, you can just generate the list of locked out users and unlock them using the unlock option located within the report.

Moreover, the ‘report scheduler’ makes it easy to schedule the generation of required reports. You can also configure this scheduler to email the reports to multiple users.

Whenever a report has to be generated, ADManager Plus fetches the relevant data from all the specified OUs in Active Directory and updates it in its database. It then displays this data to you in a format that is simple and easy to read and understand.

4.1 Highlights

- 150 pre-built reports in multiple categories like User Reports, Password Reports, Group Reports, Computer Reports, Contact Reports, Exchange Reports, GPO Reports, Compliance Reports, OU Reports, etc.
- Management from reports - perform vital account management actions like enable, disable, move, delete, etc. right from the reports.
- Report Scheduler to auto-generate all the required reports for all the required OUs / Domains, at the exact times specified.
- Export / email reports – Export or even deliver the reports to multiple users as email attachments in different formats like Excel, PDF, HTML, CSV, etc.
- Report customization to get the exact information that you need by having only those attributes that you need.

5. Active Directory Workflow

ADManager Plus’s workflow offers multiple levels (request, review, approve and execute) which can be customized as per your needs. The review-approve model standardizes the process of executing management tasks and prevents unauthorized/harmful changes. Workflow also allows you to write ‘assignment rules’ to expedite the execution of tasks by automatically assigning them to appropriate technicians based on their expertise.

[Figure: Active Directory Workflow]

5.1 Highlights

- Customizable workflow to specify the execution flow or path for every task; ensure adherence to the required IT compliance standards and also organizational policies.
- Assignment rules help you to automatically assign requests to the appropriate technicians who are best suited for the tasks.
- Notification rules to auto-update all the stakeholders via email, about the status of tasks as they progress along each stage of the workflow.
- Customizable requester roles to specify the tasks for which a requester or a user can create a request.
- Request repository that lists all requests that a requester or a technician has created; you can also list all the requests that have been assigned to the technician.

6. Help Desk Delegation

ADManager Plus delegation helps administrators offload excess burden by empowering non-administrative users and non-technical/business users (HR, department heads, etc.) to perform repetitive tasks.

[Figure: Active Directory Delegation]

You can select any user from your Active Directory and make a help desk technician out of that user. For example, you can select a user from the HR department and assign the ‘create and modify user accounts’ role to them. This will enable that HR executive to create new user accounts whenever new employees join their organization or modify the user accounts whenever promotions, transfers or role changes occur in the organization. They no longer have to depend on the IT department to help them out.

6.1 Highlights

- Secure and non-invasive delegation model: The rights/privileges assigned to technicians are purely at the product level and their actual privileges in Active Directory remain untouched.
- Customized roles: A variety of roles can be created to give technicians the ability to perform different tasks (example: reset passwords, move users, generate group reports, etc.).
- Role-based/profile-based delegation of tasks to help desk technicians; only those modules/features assigned to technicians will be visible to them.
- OU-specific administration enables technicians to perform different sets of tasks in different OUs. For example, a technician can create and modify users in OU1, create computers in OU2, create and modify groups in OU3, etc.
- Cross-domain/multi-domain delegation allows technicians to perform the designated tasks in multiple domains.
- Audit reports to get the trail of all the actions that a helpdesk technician has performed.
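
The delegation model described in this section, as an added example (not ADManager Plus code): a product-level role check scoped to an OU sits in front of a privileged service account, so that check and its audit trail are the only gate. The technician names, role names and DNs are constructed, and the DN splitting is simplified.

```python
import re

# Constructed delegation table: technician -> list of (role, OU scope).
# Names, roles and DNs are illustrative, not taken from the product.
DELEGATIONS = {
    "hr.associate": [("create_user", "OU=HR,DC=example,DC=com"),
                     ("modify_user", "OU=HR,DC=example,DC=com")],
    "helpdesk1":    [("reset_password", "OU=Staff,DC=example,DC=com")],
}

def rdns(dn):
    """Split a DN into normalized RDNs; a comma escaped as '\\,' stays inside its RDN."""
    parts = re.split(r"(?<!\\),", dn)
    return [p.strip().lower() for p in parts if p.strip()]

def in_scope(target_dn, ou_dn):
    """True if target_dn sits at or below ou_dn, compared RDN by RDN.

    Comparing components rather than string suffixes keeps an OU whose
    name merely contains the text of another OU's DN out of scope.
    """
    target, scope = rdns(target_dn), rdns(ou_dn)
    return len(target) >= len(scope) and target[-len(scope):] == scope

def authorize(technician, task, target_dn):
    """Product-level gate: the technician must hold this role for this OU."""
    return any(role == task and in_scope(target_dn, ou)
               for role, ou in DELEGATIONS.get(technician, []))

def perform(technician, task, target_dn, audit):
    """Check the delegation, record the decision, report whether to proceed."""
    allowed = authorize(technician, task, target_dn)
    audit.append((technician, task, target_dn,
                  "allowed" if allowed else "denied"))
    # A real server would now make the LDAP change with its own privileged
    # account; the technician's rights in Active Directory are not consulted.
    return allowed
```
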

7. Active Directory Automation

ADManager Plus’s automation ensures error-free execution of frequently performed tasks (reset password, unlock accounts, etc.). Automation offers administrators more freedom, peace of mind and time to focus on the truly important and mission critical tasks.

[Figure: Active Directory Automation]

7.1 Highlights

- Automation Policy: helps automate any often repeated or critical Active Directory management task; also allows you to set up a series of follow up tasks along with their execution sequence.
- Automation: helps specify the time of execution for the tasks that have to be automatically executed, set the frequency at which these tasks have to be performed and also specify the appropriate input for these tasks.
- Controlled Automation: built-in option to make the task execution follow the review process specified in the workflow.

8. ADManager Plus Mobile Apps

The native iPhone and Android apps of ADManager Plus put you in control of all your user accounts, even when you are ‘on-the-move’. Using these mobile apps you can connect to your ADManager Plus server and manage all the user accounts right from your mobile devices.

Currently ADManager Plus mobile apps allow you to:

- Reset users’ passwords
- Unlock user accounts
- Delete user accounts
- Enable/disable user accounts
- Add/remove users from groups
- Set primary group

9. ADManager Plus Support

You can get a firsthand experience of managing your Active Directory via ADManager Plus using the 30-day free trial.

For a personalized demo of ADManager Plus, or any further information, you can contact our support team 24*5 via email: [email protected] or Phone: 1 925 924 9500 (Toll Free) or 1 408 916 9393 (Direct)

Visit for in-depth information about all the features available in this Active Directory management and reporting solution.
