I know what you’re thinking: “They’re just going to say buy.” Admittedly, given that we make the best group management solution in the industry, we are a little biased. However, we also recognize that using a third-party solution to simplify the management of Active Directory groups doesn’t necessarily fit every environment. So, the answer isn’t really as simple as just buy.

There are a number of factors that come into play that you need to consider. For example:
- the number of groups you have
- the number of changes made monthly
- how many help desk tickets are created to modify group memberships
- whether you desire to (or even can) delegate responsibility to users in the organization who are outside of IT
Also, there are other, more obvious factors, such as "Can you afford it?" or "Do you like to build your own solutions?"
As I said, it’s not for everyone. So, what are your other options?
There are several ways that you could automate some aspects of Active Directory group management, including:
- PowerShell: There are a number of built-in cmdlets that you can use to create and delete groups, as well as manage memberships. Truth be told, however, it’s going to take some serious scripting if you want to automate more advanced group management tasks, such as dynamic group memberships.
- Process: For some organizations, sticking to a regimented process would be a solid first step toward implementing proper Active Directory group lifecycle management.
- Delegation: In general, moving the daily management of groups outside of IT is a smart decision. Placing responsibility on the people closest to a group’s use and purpose makes much more sense than having IT manage the group.
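
To give a sense of the scripting involved in the PowerShell option, here is an added example (not code from this post or from any product) that keeps one group's membership in line with an LDAP filter. It assumes the ActiveDirectory RSAT module is installed; the group name, the filter, and the `MaxChanges` threshold are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: reconcile a group's direct user members against an LDAP filter.
# Group name, filter and threshold are hypothetical placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupName  = 'DL-Finance-Staff',
    # Enabled user accounts whose department attribute is "Finance"
    [string]$LdapFilter = '(&(objectCategory=person)(objectClass=user)(department=Finance)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
    [int]$MaxChanges    = 50
)

$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

# Desired state: every user the filter currently matches
$desired = @(Get-ADUser -LDAPFilter $LdapFilter |
    Select-Object -ExpandProperty DistinguishedName)

# Current state: direct user members only (nested groups are left alone).
# Get-ADGroupMember is subject to the ADWS result limit (5000 by default).
$current = @(Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty distinguishedName)

$toAdd    = @($desired | Where-Object { $_ -notin $current })
$toRemove = @($current | Where-Object { $_ -notin $desired })

# Guard rails: a typo in the filter must not silently empty or flood the group
if ($desired.Count -eq 0) {
    throw "Filter matched no users; refusing to empty '$GroupName'."
}
if (($toAdd.Count + $toRemove.Count) -gt $MaxChanges) {
    throw "Planned $($toAdd.Count) adds and $($toRemove.Count) removes exceed MaxChanges=$MaxChanges."
}

if ($toAdd.Count -gt 0 -and $PSCmdlet.ShouldProcess($GroupName, "Add $($toAdd.Count) member(s)")) {
    Add-ADGroupMember -Identity $group -Members $toAdd
}
if ($toRemove.Count -gt 0 -and $PSCmdlet.ShouldProcess($GroupName, "Remove $($toRemove.Count) member(s)")) {
    Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false
}

# Emit one record per planned change so the run can be logged and reviewed
foreach ($dn in $toAdd)    { [pscustomobject]@{ Time = Get-Date; Group = $GroupName; Action = 'Add';    Member = $dn } }
foreach ($dn in $toRemove) { [pscustomobject]@{ Time = Get-Date; Group = $GroupName; Action = 'Remove'; Member = $dn } }
```

Run it with `-WhatIf` first to see the planned changes without applying them. Scheduling, per-group ownership, and reporting would all have to be built around it.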
There’s quite a lot that you can do yourself. So, when is buying the right option?
As a general rule of thumb, you should be looking to buy when you need to do one of the following:
- Dynamically maintain distribution and security groups
- Monitor group usage
- Use Workflows to create, use, expire, and delete groups automatically
- Report on and audit group memberships
In many ways, the decision to buy a group management solution really depends on how serious you are about group management. For example, if you are looking to implement true Active Directory group lifecycle management (in which you’re implementing processes, owners, and accountability around the creation, management, and existence of groups), you should be looking to automate the entire process. Trying to do this manually would require a ton of documentation and a lot of manual labor.
However, if you’re simply looking for a way to automate one aspect of group management or address a single use case, building it yourself would be a viable option.
Build or Buy?
Despite our bias, the answer isn’t always buy. You need to consider your group management requirements, internal factors (such as your team’s capabilities, budget, etc.), and whether the need for automation is enterprise-wide or isolated to a small number of tasks shared by an equally small number of staff.
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.

