Logo: LUTZ & GRUB AG | IT-Services

ADS rights concept

Active Directory Services AD rights concept

Get even more security features from the ADS!

With an AD rights management model, you reduce the administrative effort and also increase the security level. With role-based rights management models, you obtain traceable and transparent authorization and authentication processes.

Mirroring the company into IT

Functional roles in the company are mapped in Windows groups. With the role-based delegation of authorizations, it is possible to define

    • defined administrative tasks
    • limited execution rights
    • limited areas in the Active Directory directory service and in IT peripherals
    • the mapping of administrative functions in IT applications.

This is used to control access. This is an important component of IT security. The functional role model continues to be the basis for identity management platforms and ITIL integration.

Transparency makes safe and saves work

The decentralized distribution of IT administration via groups and functional roles bundles the general administrative tasks in IT.

Prerequisites for successful rights delegation are:

  • the mapping of the enterprise organizational chart into AD organizational units (OU)
  • the definition of administrative roles within the work processes
  • the mapping of the functional roles in Windows groups

Even more security!

A significant gain in security is based on the minimized assignment of rights within the entire AD infrastructure in all executive areas through restricted Windows group memberships (least amount of privilege) and customized group policy applications.

Our services

  • Consulting on AD rights and delegation concepts
  • Recording of business processes and development of a rights strategy
  • Creation of a catalog of activities for the AD delegation model
  • Organization design according to organization chart and site topology
  • Mapping of administrative roles in a Windows group design
  • Presentation of a rights matrix according to the “floating rights” principle
  • Delegation templates for group policy and Exchange user management
  • Delegated user helpdesk management for 1st to 3rd level with on-board consoles (ITIL compliant)
  • Delegated function server management in the periphery
  • Script-based rights assignment and access list cleanup
  • Service account management in the context of the rights concept
  • Monitoring functions to verify delegations
  • Identity management consulting