Hi all, sorry up front for the long post.
I'm curious how larger organizations manage groups in AD, with respect to authorizing users to be added to/removed from a group. I don't mean the security around the administration, but the supporting business processes and workflows.
We've just centralized security administration, and this has created a problem with group administration on quite a large scale.
Our security admins will get a request to add UserA to GroupA. Since they have inherited the job, there isnt a clear 'owner' of GroupA, be it an IT owner like the SQL group, or a business owner like the Radiology dept. If its a group that ultimately get you admin rights on all SQL servers or access to patient data...you can see the problem developing here. The problem is really two-fold, the security aspects, as well as the time it takes to complete the request. (multiply it by 1500 requests a day and the admins are really backed up)
I'm wondering if anyone has had success with a self-service web-based request system, or something similar, and what made it successful? Ideally, the goal here is to get a detailed request into the admin group with all the info and approvals already in it.
Thanks in advance,
rb
- [ActiveDir] Group Management Raymond . Balaian
- RE: [ActiveDir] Group Management Brian Desmond
- RE: [ActiveDir] Group Management joe
- RE: [ActiveDir] Group Management joseph.e.kaplan
- RE: [ActiveDir] Group Management Brian Desmond
- RE: [ActiveDir] Group Management Ken Cornetet
- RE: [ActiveDir] Group Management Ken Cornetet
- RE: [ActiveDir] Group Management joseph.e.kaplan
- RE: [ActiveDir] Group Management joseph.e.kaplan