Tool for monitoring/manipulating Active Directory group memberships
Project duration: 4 months
Brief description
Conceptual design and implementation of an intranet solution that shows responsible persons (organizational/technical management or their representatives) the user-specific read/write authorizations for shared project directories. The solution also provides options for manipulating the associated user/group assignments in Active Directory.
Supplement
With the help of a user-created software library for accessing/manipulating LDAP entries, existing user/group links in Active Directory are made visible and editable in an intranet application. Changes are made directly in AD via a special access authorization. The person responsible for the group/directory can set up representation relationships for any persons; these relationships are stored in a dedicated SQL Server data store.
Subject description
More than 5000 project-specific access authorizations to network directories, some of which contain highly sensitive information, pose a major challenge for IT administration when using the standard Active Directory tools. The intranet tool gives the persons responsible for a project a convenient means of setting up and removing user assignments. In addition, each AD user can use the tool to quickly and easily find the contact persons for the directory authorizations they need. The processes for setting up and removing system authorizations are streamlined and accelerated to a considerable degree, and possible security problems due to incorrectly assigned or expired system authorizations are minimized.