This post is sponsored by Softerra, Ltd. What’s this?
Several months ago, we did a two part series on Softerra’s Adaxes. If you have ever been frustrated by the antiquity of Active Directory Users and Computer (ADUC) or left perplexed by missing features in the Active Directory Administrative Center (ADAC), the Adaxes management console for Active Directory may be exactly what you need.
In this third part of the Adaxes series, we are going to look at three new features: Active Directory Change Control, Business Units, and Scheduled Tasks.
Active Directory Change Control
For all but the smallest environments, change control is a necessity. It is a small wonder that this feature is not native to Active Directory management (or offered similarly like Advance Group Policy Management in MDOP is). The difference between change control and delegation is black and white.
With delegation, individual permissions are assigned to a subset of users or groups. These specific permissions include things like resetting a password (user or computer) or creating an OU. To paraphrase Yoda, an IT administrator can or cannot. There is no try.
Change control supplies a middle trying ground. Junior administrators (or even non-technical employees) can be given permission to initiate actions but be denied the ability to complete these actions. For example, an administrator at a remote site can be delegate the permission to create a user but change control can intercept any actions that would delete a user. This action would be recorded, stored in the Adaxes console Approval Requests node, and a notification is sent to a higher-level administrator. Change control through Approval Requests provide a safer way to distribute management permissions in Active Directory.