IT Pros Manually Managing AD Groups -- Redmondmag.com

Active Directory Use Profiled in Study

By Kurt Mackie
06/04/2010

IT pros mostly manage their Active Directory groups manually, according to an industry-sponsored study published late last month.

The study, conducted by Osterman Research in April for Livermore, Calif.-based Imanami, found that nearly 59 percent of participants manually maintained groups using Active Directory (AD). Another 33 percent said that they used a mix of manual and automated methods. Just eight percent used a purely automated system.

Osterman Research received surveys from 155 participants in organizations managing a mean of 750 e-mail users each. Survey participants either had to be AD users or knowledgeable about using AD in their organization.

AD is used as part of Windows to set up network permissions for users, such as granting access to folders and files. One of the points of the survey was to determine how "painful" it was to accomplish such tasks. Most respondents felt that updating groups in AD was "not too painful" (47 percent). Other responses to that question included "somewhat painful" (27 percent), "not painful at all" (16 percent) and "painful or very painful" (10 percent).

The pain points were indistinguishable between those manually updating AD groups and those using automated processes. "This tells us that current, automated methods of updating groups on AD do relatively little to alleviate the pain of group updates," the study concluded.

The study estimated that it was taking an IT administrator about 8.3 mean person-hours per 1,000 users to manage groups using AD. At a salary of $80,000 annually for an IT administrator, the cost for such AD support is about $16,600 per year. Imanami's interest in such details is that the company provides an automated identity management system for use with AD. Imanami is a Microsoft Gold Partner that specializes in group lifecycle management products supporting both AD and Microsoft Exchange.

Most organizations are using AD groups to grant access to folders and files (93 percent), systems (78 percent), group-level Group Policy Objects (73 percent) and sending e-mail to groups (66 percent). In addition, 56 percent of respondents said that they use AD groups to grant SharePoint access. Imanami sees this later finding as a reason for organizations to better enable real-time AD updates.

"As the amount of corporate content migrates to SharePoint, and as the consequences for data breaches become more severe, keeping groups updated in AD in a near real-time manner becomes crucial," said Robert Haaverson, Imanami's CEO, in a released statement.

The study is called "Survey Results for Imanami" by Osterman Research. Imanami describes the study's results in greater detail here.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.