Product Reviews

A Single Place to Administer Many Domains

Enterprise Directory Manager provides two great interfaces and plenty of configurability to ensure business rules for directory management are enforced.

Aelita Enterprise Directory Manager allows you to directly manage users, groups and other AD objects just like you were in the MMC snap-in provided by Microsoft, and then takes off. It deals with three basic elements: Access Templates, Policy Objects, and Managed Objects. These can be applied to one or more AD domains, allowing enterprise-wide administration. Policy Objects are the elements that can be applied against one or more Managed Objects (Users, Groups, OUs, or any valid AD object). Access Templates determine who can use, create, modify or delete any aspect of EDM administration.

Product Information

Enterprise Directory Manager 4.0
Aelita Software
Powell, OH

For more Exchange tools, see "Keeping Exchange Running" in the May 2002 issue.

Enterprise Directory Manager is relatively straightforward to install, although it does require that MS SQL Server 2000 be on the network, or that you install the supplied Microsoft Desktop Engine (MSDE) on the management server. The management server is the computer that hosts the service to which the client interfaces, either an MMC snap-in or a Web-based interface, connect. The installation program configures a management server by default, but can also be used to install only the MMC snap-in on a different computer.

Once you've installed the management server, you need to configure which domains you will manage. In doing so you need to be aware of one little quirk. Because EDM stores its information in a SQL Server database and uses the policy objects and access templates to manage those parts of Active Directory that you have defined as managed units, it also creates a little security loophole that can be exploited. That is, any member of the local Administrators group of the management server effectively has full domain administration privileges on any managed domain listed in the database. This could allow Domain Admins in the domain where the management server is located to manage objects in other domains. While this can be a benefit for some organizations, I view it as a security hole that needs to be plugged by the vendor.

Enterprise Directory Manager includes a Web interface that can be used to perform administrative tasks or allow users to update their own information.

In outward functionality, what EDM delivers is very similar to ExMS 3.5. Where Aelita pulls ahead is in a cleaner user interface and an awesome Web administration tool that allows users to easily manage their own properties, provided you have configured access templates to allow them to do so. This product is not an Exchange tool per se, but because Exchange 2000 uses Active Directory as its directory service, it can be useful in enforcing rules that may be needed for proper Exchange 2000 operation.

While a lot of the functionality of this product can be provided by Microsoft's tools and Windows Script Host, having it all in one place will be a benefit to larger organizations. For those companies with fewer than 200 users, it may provide limited rewards.

About the Author

Damir Bersinic, MCSE, MCDBA, MCSA, MCT, is an independent consultant, trainer and author.

