Skip over global navigation links

Active Directory Management and Operations Services

Getting Started

To order or inquire about this service, please contact the NIH IT Service Desk.

Service Hours: 24 hours a day, 7 days a week.

More Info

Related Services

Active Directory Management and Operations Services offer IT Professionals and IC Administrators the tools and services that are used to manage and operate Active Directory (AD), including those for monitoring, security, compliance, and account provisioning and deprovisioning.

Some of these services are provided to ICs, and some, such as Active Directory Management (ADM), can be used directly by IC IT Pros. Details regarding the large variety of available tools are contained in the FAQs below, and IT professionals who need more information about these services may request assistance by submitting a ticket through the NIH IT Service Desk.

Customer Benefits

CIT develops, publishes, and maintains AD Policies and Best Practices, in conjunction with the NIH Chief Information Security Officer (CISO) and the ICs, to provide a smoother and more cohesive infrastructure at NIH. We also provide AD support for technical collaboration efforts such as VPN deployment, and the directory synchronization between the NIH Enterprise Directory (NED) and the NIH AD.

Customer Market

This service is available to all NIH customers and to other customers outside of NIH.

Frequently Asked Questions

Q: My group works with AD a lot, what kinds of tools do you have that help us manage our accounts?

A: One of the most widely used tools is Active Directory Management (ADM). CIT provides both a web-based and a remote console that you can use to manage your users and groups, distribution lists, and computer objects. ADM has features administrators are familiar with in Active Directory Users and Computers, provides a management activity and history for each account, and can be used to granularly assign “roles” to your administrative staff for specific tasks such as setting passwords or unlocking accounts.
 
ADM provides automated provisioning and deprovisioning of AD user accounts. ADM Enhanced Business Service allows for customized, automated actions based on AD attributes: Home Directory Automation creates home folders and shares upon account creation, Customized Group Assignment automatically adds users to groups, and other customizations can include assigning customized attributes, sending automated email, opening Remedy tickets, etc.
 
You can also increase the storage sizes for your email users without having to go through the Service Desk.
 
Q: What other tools do you have?
 
A: Well, there are a lot:
  • AD Sites and Services are continually analyzed to improve AD replication and authentication traffic.
  • AD Health is an audit control, monitoring, and compliance tool that monitor changes within AD.
  • Recovery Manager for AD is an AD object recovery tool.
  • AD Security Lockdown supports directory lockdown and security management in NIH.GOV, NIH External, and the CIT test environment.
  • AD Security provides regular security analysis and patching to those domains.
  • AD Server Administration supports domain controller operations and database integrity and health using automated monitoring and alerts.
  • Log Collection and Review compliance software is deployed on all domain controllers within NIH.GOV and provides automated registration/deregistration, maintains groups, and generates audit reports.
  • HHS Forest-wide Monitoring and Compliance (Security Manager) monitors all domain controllers in the HHS Forest, including OS and HRSA.
  • VPN Account Integration Service provides AD support for VPN deployment at NIH.

 

Up to Top

This page last reviewed: March 09, 2011