The Active Directory Manager (ADM)

Over the next several months, the Constellation account creation service (currently being used by some ICs) will be retired and Active Directory Manager (ADM) will become the enterprise provisioning service at NIH.

What is ADM?

The ADM service uses Quest’s ActiveRoles Server software to provide a fully-featured tool for managing Microsoft’s Active Directory (AD) accounts. ADM provides a single point of administration, delegation, policy enforcement, and change control for users, groups, and computers. It supports integration of other directory services, and supports multiple authentication protocols.

ADM provides IT professionals and administrative officers with both automated and manual ways to manage user and group accounts. With ADM, not only can you open, change, and delete accounts, but you can also create mailboxes in Exchange for an account, and add accounts to distribution lists.

ADM is also the background technology that will shortly provide all of NIH with automated account provisioning, updates, account transfer between ICs, and account deprovisioning—all of which are based on and synchronized to the changes to an individual’s NIH Enterprise Directory (NED) account. ADM populates Active Directory resources such as shares and files and modifies permissions while enforcing policies and guidelines set forth by NIH. It can automatically add or remove members from groups, and can even be set to schedule the management of temporary group members.

Benefits

Controlled, secure administration: Because ADM acts as a security layer around AD, it helps administrators maintain compliance with security policies by enabling them to define administrative roles, set associated permissions, and enforce role-based rules. ADM ensures that AD management is secure and delegation of roles is reliable and controlled.

Effective auditing and reporting: ADM provides an audit trail that details who performed what actions on which accounts and when.

Web availability: ADM offers administrators, self-service users, Help Desk, and data owners a dynamically configured and customized web interface that follows all the same rules that are in place via the console.

More information

For more information regarding ADM, contact the NIH Help Desk at http://ithelpdesk.nih.gov/support, or by phone at 301-496-4357 (6-HELP) (local), 866-319-4357 (toll free), or 301-496-8294 (TTY).