Active Administrator Problems-and-Solutions

Problem:An administrator had used the Delegation of Control Wizard in Windows 2000 to grant permissions to objects in Active Directory. A short time later he found out that other administrators had granted similar rights, which overlapped and prevented their original delegation of control from working.

Solution:The administrator turned to Active Administrator. It enabled him to see where delegation of control was happening, remove it if need be and even repair it if it had been changed. He also used the built-in Active Templates for further delegation of control which he could report on as well. The included templates covered the rights he had to grant.

Problem:An administrator noticed issues with users being denied access to resources and always had to reset their passwords. The problem was that the size of the domain was huge. It had over 100 domain controllers and close to 70 administrators with varying levels of access.

He had been auditing several aspects of AD management on all of their domain controllers, but going through logs to find a subset of security events would mean scouring tens of thousands of events. This would have been virtually impossible.

Solution:Active Administrator allowed him to filter these logs and provided a simple means to find out what was going on, even prior to the time the product was installed. It turned out that a junior administrator was deleting and recreating accounts in order to move them between OUs. This was obviously messing up NTFS permissions and passwords.

The issue was easily corrected because Active Administrator illustrated what had happened, who had done it, when and on what DC. Now all Active Directory account management events are emailed in real-time by Active Administrator to a single administrator who can review them.

Problem:An administrator wanted to document all of the settings for GPOs in their environment. The only options he had were to use a pencil and paper or take hundreds of screen shots. This would be incredibly time consuming if not virtually impossible to do accurately.

Solution:He decided to use Active Administrator to streamline the process and increase his efficiency. Active Administrator allowed him to automate reports and export them in any number of formats which he could reference if a GPO was ever changed from the original setting.