#sponsored
Managing and maintaining an efficient Active Directory (AD) environment can sometimes be challenging, especially in larger environments. Take this example: by default, the AD doesn’t come with any templates to quickly create users. It also doesn’t have a built-in reporting tool, which makes it difficult to keep track of all the objects in the AD.
One option to manage your AD is to use PowerShell. We could write scripts that create users for you, or we could write some to find all inactive computers. However, PowerShell scripts often require a lot of maintenance and, of course, knowledge of scripting.
Luckily, there are also third-party tools available, and one tool that has gained popularity in recent years is ManageEngine ADManager Plus. In this article, we’ll look at the features, benefits, and enhanced user experience that ADManager Plus offers.
ADManager Plus Overview
ADManager Plus is a web-based AD management and reporting solution offered by ManageEngine. Its primary goal is to help IT admins effortlessly manage user accounts, groups, and other AD objects while ensuring security and compliance.
With ADManager Plus, you can streamline AD management tasks with the help of Workflows and Automation. It offers centralized control over multiple domains within your organization and can be seamlessly integrated with other systems, like ZenDesk, FreshService, and ServiceDesk Plus.
There’s quite a bit to like here. Some of the functionalities of ADManager Plus that stand out include:
- User account management: Create, modify, and delete user accounts in bulk. You can also manage passwords, and set Account Expires policies.
- Group management: Manage distribution and security groups easily. Add or remove members, change group types, and easily locate groups for better organization.
- OU management: Handle Organizational Units efficiently with options for creation, modification, and deletion of OUs, as well as delegate permissions.
- GPO management: Centrally manage Group Policy Objects, allowing for rapid deployment and enforcement of policies across your domain.
- Exchange & Microsoft 365 management: Manage Exchange mailboxes, distribution lists, and Microsoft 365 user licenses without requiring additional tools.
- Help desk delegation: Granularly delegate tasks to help desk technicians without affecting their AD permissions.
- AD migration: Seamlessly migrate AD users, groups, GPOs, and contacts across AD domains and forests.
- Risk assessment: Uncover identity-related risks and mitigate them on the fly.
- Access certification: Review and validate users’ access rights periodically by running automated campaigns.
- Backup and recovery: Back up and recover users, groups, and drives across AD, Azure AD, and Google Workspace environments.
- Scheduled and event-driven automation: Schedule and run tasks at a predefined time or trigger a series of tasks whenever an event occurs.
- Multi-level workflows: Supervise tasks and do away with human errors with multi-level workflows.
The solution also provides detailed AD reports to monitor user activities, account status, group memberships, and other compliance requirements. These reports can be scheduled to run at predefined intervals, ensuring that you always have access to the latest information.
To set up ADManager Plus, you simply need a standard Windows Server environment and an Active Directory domain. It integrates smoothly with various systems such as Microsoft 365 and Google Workspace, allowing you to extend its functionality across multiple platforms within your organization.
Key Features of ADManager Plus
Let’s take a deeper look at some of the key features of ADManger Plus.
User & Computer Management
Users and Computers are pretty much the basis of your AD, so we want to efficiently manage the objects in our organization. One of the common pitfalls of AD is that we can’t bulk update or create users or computers.
With ADManager Plus, however, we get bulk management for users and computer accounts. It allows you to create, update, and delete multiple accounts with ease. Of course, you can create a single user with ADManager, but the true power of ADManager Plus lies in its Templates.
These templates allow you to predefine most information. For example, we can configure how the logon name and email address are built up so that these fields are automatically filled in, and we can likewise configure user password complexity, contact details, department, OU, etc.
This means that when you’re creating a new user, you only need to fill in the unique information—the rest is already predefined for you.
Bulk Modification
One of the common tasks for all IT admins is bulk modification of users or computers in the AD. Unfortunately, updating the same attribute on multiple users can be a daunting task. We can of course select multiple users, but when they are in different OUs, we first need to create a search query.
With ADManager Plus, you can easily update the attributes of multiple users using the Bulk User Modification option. This allows you to simultaneously update multiple attributes to the selected users. One small area for improvement would be a filter option to select specific users. For example, it’s currently not possible to select all users with a specific job title.
Nevertheless, the bulk modification feature for the users, computers, and groups can really be a time saver if you don’t have experience with PowerShell.
Reporting and Auditing Features
Reporting is one of those features that is really lacking in the AD. This is a pain point especially when you need to comply with regulations—like HIPAA or FISMA for example.
ADManager Plus comes with comprehensive reporting capabilities for your AD environment. It allows you to easily track changes, monitor security updates, and access a wide range of pre-built audit reports to assess your compliance.
You can generate customizable reports, including security, user accounts, and GPO management, to better understand your organization’s operations or schedule them to run automatically. Moreover, the report feature supports export in various formats such as CSV, PDF, and HTML to fulfill various requirements that you might need to consider.
Automation
When managing an AD environment, we all have those tedious, repetitive tasks that we need to take care of. With automation in ADManager Plus, you can automate those repetitive and complex tasks, which results in reducing manual work and improving efficiency.
To create automation, we have two options: we can create scheduled automations or event-driven ones. For example, the first option can be used to check inactive users every day and automatically disable their accounts.
Event-driven automations are based on a trigger. When you remove or disable a user in your AD, you probably also want to revoke their Microsoft 365 license. And maybe change the mailbox to shared.
With event-driven automation, we can create an Orchestration template that is triggered by an event. This way, you don’t have to go through all systems manually to clean up a user.
Workflow
ADManager Plus offers a customizable workflow using which you can delegate tasks to your team members, allowing them to carry out their responsibilities effectively. The solution also facilitates automatic approval and implementation of requests, streamlining your organization’s management process and promoting collaborative team efforts.
Integration Capabilities
ADManager Plus integrates with several large ITSM/Help desk tools—such as ServiceDesk Plus, Freshservice, Jira Service Management, and Zendesk. You can also connect with Microsoft 365 and Google Workspace, enabling seamless management of your organization’s resources across multiple domains.
It’s also possible to create custom integrations with the help of the Rest API.
Delegation
When you are managing the AD with a larger team, it’s important to configure access permissions to the AD correctly. A helpdesk member only needs to be able to reset passwords, and not every IT member should be able to create user accounts.
Using ADManager Plus, you can easily fine-tune the delegation to your team members. A particularly helpful feature is that you can grant selective access to only the tasks that the technician needs to perform in the AD. We can, for example, create a role for our helpdesk technician that allows them to only unlock a user account.
By delegating tasks, you can empower your team, simplify workload distribution, and facilitate smooth operations within your organization.
Risk Assessment
ADManager Plus assesses your AD based on the NIST SP 800-30 guideline and generates a comprehensive risk assessment report. This report describes how secure your AD environment is and what you can do to secure it further. The solution provides an overall risk score, actionable insights, and on-the-fly mitigation measures to enhance your AD security.
Access certification
To ensure the right people have the right access to the right resources, ADManager Plus allows you to run campaigns for periodic validation and certification of users’ access rights. Various regulations like HIPAA require periodic access reviews and certification to achieve compliance.
The process requires a designated certifier with the authority to approve, revoke, or recertify an access right. The certifier can be a user’s manager, or help desk technician, or can be dynamically assigned based on specific rules.
Pricing
ADManager Plus is available in two versions, standard and professional. The price for a single domain in the Standard edition is $595, while the Professional edition starts at $795 for one domain with two Help Desk Technicians.
Tip
You can also start with a 30-day trial
Each plan comes with one admin account by default. The prices increase depending on the number of Help Desk Technicians you require. Additionally, you can add more domains to your existing plan. The cost for each additional domain is $345 for the Standard edition and $595 for the Professional edition.
Aside from the main plans, ADManager Plus offers two add-ons:
- Backup and Recovery
- Governance, Risk, and Compliance
Each add-on has specific pricing depending on the license edition and the user object capacity.
Backup and Recovery Add-on: Prices for this add-on range from $195 for 250 user objects to $2,745 for 10,000 user objects, applicable to both Standard and Professional edition licenses.
Risk and Compliance Add-on: This add-on is priced at $495 and provides identity risk assessment, access certification campaigns, and a centralized view of entitlements.
Wrapping Up
In summary, ADManager Plus serves as a one-stop solution for AD administrators and help desk technicians to efficiently manage and secure their Active Directory domain. Its user-friendly interface, extensive capabilities, and compatibility with popular platforms make it a valuable tool.
The dashboard gives you great insights at a glance and the reports allow you to extract all the information that you need.
