Product Reviews
A Single Place to Administer Many Domains
Enterprise Directory Manager provides two great interfaces and plenty of configurability to ensure business rules for directory management are enforced.
Aelita Enterprise Directory Manager allows you to directly manage users,
groups and other AD objects just like you were in the MMC snap-in provided
by Microsoft, and then takes off. It deals with three basic elements:
Access Templates, Policy Objects, and Managed Objects. These can be applied
to one or more AD domains, allowing enterprise-wide administration. Policy
Objects are the elements that can be applied against one or more Managed
Objects (Users, Groups, OUs, or any valid AD object). Access Templates
determine who can use, create, modify or delete any aspect of EDM administration.
Enterprise Directory Manager is relatively straightforward to install,
although it does require that MS SQL Server 2000 be on the network, or
that you install the supplied Microsoft Desktop Engine (MSDE) on the management
server. The management server is the computer that will host the service
which client interfaces will connect to, either an MMC snap-in or a Web-based
interface. The installation program configures a management server by
default, but can be used to only install the MMC snap-in on a different
computer.
Once you've installed the management server, you need to configure which
domains you will manage. In doing so you need to be aware of one little
quirk. Because EDM stores its information in a SQL Server database and
uses the policy objects and access templates to manage those parts of
Active Directory that you have defined as managed units, it also creates
little security loophole that can be exploited. That is, any member of
the local Administrators group of the management server effectively has
full domain administration privileges on any managed domain listed in
the database. This could allow Domain Admins in the domain where the management
server is located to manage objects in other domains. While this can be
a benefit for some organizations, I view it as a security hole that needs
to be plugged by the vendor.
 |
|
Enterprise Directory Manager includes web interface that can be
used to perform administrative tasks or allow users to update their
own information. (Click image to view larger version.)
|
In outward functionality what EDM delivers is very similar to ExMS
3.5. Where Aelita pulls ahead is in a cleaner user interface and an
awesome Web administration tool that allows users to easily manage their
own properties, provided you have configured access templates to allow
them to do so. This product is not an Exchange tool per se, but because
Exchange 2000 users Active Directory as a directory service, can be useful
in enforcing rules that may be needed for proper Exchange 2000 operation.
While a lot of the functionality of this product can be provided by Microsoft's
tools and Windows Script Host, having it all in one place will be a benefit
to larger organizations. For those companies with less than 200 users,
it may provide limited rewards.
About the Author
Damir Bersinic, MCSE, MCDBA, MCSA, MCT, is an independent consultant, trainer and author.