For Group Policy administration FAZAM 2000 from FULLAMOR has some good features, including reporting. http://www.fullarmor.com/solutions/group/ As with many 3rd party products the price tag may be a problem. Microsoft is in the process of a developing a new Group Policy Management Tool, which is currently in a closed Beta program and may not be available for a while. The feature set has a large overlap with FAZAM 2000 and if your timescales are undemanding it may be worth talking to your TAM about it.
NetIQ's DRA appears to be very popular. In some environments it may not offer the level of granularity of delegation management required and I know some companies who, having bought DRA, are now doing some in-house development for Group management. Because 3rd party tools can be expensive, the other option is to script a lot of the administration and reporting. The .NET framework also makes it easier to develop in-house web administration tools for AD. Tony ---------- Original Message ---------------------------------- From: "Ayers, Diane" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 08 Apr 2002 21:12:13 -0700 MessageWe are currently looking at our current tool set and are evaluating if we want to replace or stick with what we have. We have been using Mission Critical's "Enterprise Administrator" since 1997 in our NT 4.0 environment. Back in 1997 there were only two vendors that had an "enterprise" level delegate admin tool and in our opinion, Enterprise Admin was the best tool. It has worked well in that setting and has enabled us to apply granular delegation to the domain structure and control the administrator role. Since then EA and been acquired by NetIQ and is now know as Domain and Resource Administrator (DRA) We are moving toward a native AD environment for aprox 20,000 folks and we are using the opportunity to re-evaluate the tools we have and are looking at NetIQs DRA and Fastlane's (Quest) Active Roles as well as others Each tool has it strengths and weaknesses. DRA is built around a "proxy service" and the service makes the changes on behalf of the user. Active roles is built around the native ACLs of AD. The bottom line for us is going to be how well the tools we integrate into our processes. If you want to drop me a line, I'll give you my number and I can let you now where we are at in our evaluation process. Send it to my work address at [EMAIL PROTECTED] Diane Ayers Tech Lead, Active Directory Deployment San Francisco / Sacramento -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Myrick, Todd (CIT) Sent: Monday, April 08, 2002 6:03 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] AD Administration Tools Suvey Our group is in the process of evaluating some 3rd party tools to assist in delegation and administration of our Active Directory technology. We are evaluating the products based on 6 key areas. 1. Role / Trustee delegation 2. Control View of resources 3. Data Validation & Rule Sets 4. Group Policy Management 5. Reporting 6. Web based administration We are also evaluating Native Delegation vs Proxy based Delegation. What I am fishing for from this community is some experiences and possibly some recommendations from this group on some of the Admin consoles you folks use. Thanks Todd List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
