April 18, 2001, 1:14 PM — Finally, there's an easier way to administer users, groups, workstations and other data objects in Windows 2000's Active Directory.
The former FastLane Technology, now called Quest Microsoft Services, has released Version 3 of FastLane ActiveRoles (FAR), its Active Directory role-based administration software. FAR is a directory-enabled management solution that I've mentioned before.
It plugs into Microsoft Management Console (MMC) and allows a network manager to perform role-based administration over the existing Domain and Organizational Unit (OU) Active Directory structure.
With this new version, network managers can create what FAR calls "alternative business views," which can consist of any combination of Active Directory objects, from one or multiple containers. This is different from cross-container groups -- an alternative business view can contain users, groups or other objects from one or more OU containers. The administrator can then define and enforce corporate policies based on these views to ensure consistent directory data across an enterprise.
Among the new features in FastLane ActiveRoles 3 are:
* Business Views -- provide the flexibility to create alternate administrative views of users, groups, computers, or any other objects that are independent of the underlying Active Directory Domain and OU structure
* Business Rules -- enable administrators to ensure that corporate policies are enforced during users/group creation and during help desk edits to eliminate directory pollution. Common automation tasks can also be enforced through this mechanism
* Enhanced Reporting -- allows the administrator to perform more in-depth reporting on the security settings and business rules defined in Active Directory
FAR 3 can help you create order out of the chaos that can too easily result when a directory tree is designed "on the fly," but even for well-planned networks it can give you that "other view" which is needed from time to time.
Business Views, coupled with Business Rules, let you design the administrative view of the directory to fit your needs while still putting users and other objects in the OU containers that make the most sense to your network. It also still allows groups as a way to join users from different containers into associations for rule making or application sharing reasons.
I do suggest you take a look at it.