Challenge
Bolloré Logistics is consolidating its AD forest. One of the most important challenges for us today is to control how information is written in AD. The most difficult thing is to find the right balance between simplicity, compliance, and flexibility. In a company of our size information hosted in Active Directory must be well organized. We must respect a common naming scheme. Complex operation must be automated, and then we must keep a minimum of flexibility for our admin in order to cover their local needs. Then the last thing is traceability. Due to our certifications we need to ensure all modifications made in our Active Directory are tracked.
Solution
Adaxes helps us to distribute a more fine delegation model. Many security roles have been configured in the tool. Rights are distributed by OU, but also by Business Unit. We control the user input by business rules and property pattern in order to fit our management rules in place. We also trigger an approval workflow on some very sensitive operations. Adaxes offers us the simplicity, automation, and flexibility that we expect to have when managing our Active Directory. We also use the replicated SQL database to keep trace of any actions in our logs.
Benefits
Adaxes brings the advantage that AD and Exchange operations are done in the same console. So administrators don't need to jump between different consoles to administer their users anymore. It also improves our decommission process. When we want to decommission a user or computer account, we use a custom command that run 7 actions. It allows us to have a more detailed process without the need to train administrators to accomplish this process. Same thing when we deploy a new site. Information is fulfilled in a custom form, and then processed by a script. So with a simple form we are able to create a default OU structure (about 15 OUs), default set of administration groups, and then use these groups to apply security roles to the OUs previously created. This process is very quick to run and it allows to avoid any errors as it is automated. Adaxes also brings traceability. Without deploying any other third party tool we are able to log actions done in our AD. Finally, by using Adaxes, we are able to remove domain admins right to our administrators. So it improves the security around our Active Directory a lot.
Francois LEFEBVRE
Active Directory System Engineer