Review - Microsoft IAM Group Management Solution
One of group management solutions is part of Microsoft Identity and Access Management Series and you can download from: https://www.microsoft.com/downloads/details.aspx?FamilyId=794571E9-0926-4C59-BFA9-B4BFE54D8DD8&displaylang=en or https://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx?mfr=true
The group management is a subset of "Provisioning and Workflow" in the series. The code is written in Visual Basic. In my environment, I don't have Sun One and Lotus Domino. So I simply commented out several lines of provisioning code for Sun One Directory and Lotus mailbox, and re-compiled the solution. After installation and configuration on MIIS/SQL/IIS servers and in AD, I added more HR sample data, and defined several simple query groups and family of attribute groups through the Web UI. Then, I ran the supplied batch file which called Group Populator and MIIS 2003 run profiles. Finally, all groups showed up in AD and everything worked as claimed in the doc.
Although I like this "product", I ended up with own group management solution from scratch due to limitations explained in Cons.
Pros:
Excellent and easy to follow documentation to explain all aspects of requirements, architecture, design, implementation, setup and operations.
Good quality of code (I didn't encounter bugs/errors myself)
Nice preview feature for simple groups in Web UI
Logic builder in Web UI to create attribute groups
Source code provided for customization
Free of Charge
Cons:
- It works for single forest only and there is no way to get around to support multi-forests through code change.
- It doesn’t build hierarchical groups by default. This could be resolved by code change but it is not an easy task.
Overall Rating:
7 out of 10
(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)