A person writing on paper
Photo by Scott Graham https://unsplash.com/photos/OQMZwNd3ThU

The Benefits of an Active Directory User Policy

IT Infrastructure Architect

An Active Directory User Policy can help large and complex organisations avoid cost and inefficiency by governing the types of user accounts that are created and defining how they are configured. Some of the benefits are discussed below.

What is an ‘Active Directory User Policy?’

An Active Directory (AD) User Policy is a governance artefact that defines the types of Active Directory user accounts your organisation creates and how they are configured and managed.

Typically a written document, it defines the standards to which accounts of different types will be created and administered, and it informs procedures and systems that will enact the creation and maintenance.

Who might benefit from an ‘AD User Policy?’

Whilst all organisations can benefit from a common approach to performing work, it is large and complex organisations that will benefit most from an AD User Policy.

Such organisations are likely to have a continually evolving technology landscape that results in ongoing change to user account configuration, a significant turn-over of staff, and multiple and complex business requirements.

Furthermore, there is likely to be considerable demarcation of responsibilities regarding user creation as the staff tasked with architecting the policies are unlikely to those responsible for designing automated user creation systems or even manually creating user accounts. This can lead to a disconnection between how accounts should be configured and how they are in reality.

Benefits

So, with a good AD User Policy in place, it is very likely that:

  • Different types of accounts will be identified, and as a consequence, will be configured consistently. This means timely and complex manual operations are can be avoided for account administration by making way for systemised and / or automated approaches.
  • Inconsistencies that can lead to technical problems are therefore avoided, as end-user experiences that differ according to (mis)configuration is engineered-out. Applications, access and user experience will become more consistent, and this will lead to a reduction of support effort.
  • It will become easier to deliver change into your organisation, because new systems or processes are less likely to have a range of different unexpected impacts upon your users or applications.
  • Differing needs of users will be better met, because of potential to manage accounts by easy identification of ‘user type’ is possible.
  • Potential for security risk will reduce, because automated and pattern-based ways of discovering and fixing security problems can be used easily, quickly and cheaply detect and resolve security and configuration problems.

Conversely, a large or complex organisation without an AD User Policy is likely to suffer greater inefficiency, cost and risk versus the organisation with one.

Summary

This article has discussed the concept and benefits of an AD User Policy. Perhaps your organisation could benefit from a more formal approach to governing user accounts too?

You should also read: