In an ideal world, we’d have the budget and time we need to get things done. And tomorrow would be predictable. But that’s simply not the case, especially in the IT universe.

As you well know, the world of identity and access management (IAM) is one of constant change, shrinking deadlines, minuscule budgets, overtaxed staff and unmerciful regulations. Unfortunately, the approach most organizations take to IAM involves piecing together ‘half solutions,’ in the hope that tomorrow’s solutions will address real-world needs.

Active Directory is everywhere and Azure Active Directory (AAD), its cloud-based cousin, is quickly gaining ground. Currently, nearly ninety percent of organizations worldwide are using Active Directory (AD) for on-premises resources (aka on-prem). That represents 500 million organizations and somewhere around 10 billion daily authentications. In fact, in the world of identity and access management (IAM), AD has become unavoidable and absolutely necessary for on-prem user authentication and authorization. You have to go through AD. It’s just how it’s done. Now, mix in the cloud – and Azure AD– and your management complexity just skyrocketed – and you could be in for a world of pain, if your on-prem or cloud identity environments are not managed and synced properly.

Active Directory Domain Services (AD DS) administration and management includes 12 major tasks. These tasks cover a wide breadth of business needs and are not all performed solely by AD DS administrators. In fact, administrators can and should delegate several tasks to other members of their technical community, technicians, help desk personnel, even users such as team managers and administrative assistants. While delegation is a way to reduce the amount of work administrators have to do when managing AD DS infrastructures, it really only addresses one or two of the 12 tasks, for example, user and group administration as well as end point device administration. The other ten tasks can be staggering in nature — security, networked service administration, OU-Specific Management, Group Policy Object management and many more — and because of this can take up inordinate amounts of time,

To protect refugees, employees and supply transports—plus minimise costs—the Danish Refugee Council (DRC) wanted to standardise the management of Active Directory. After evaluating solution options, DRC deployed One Identity Active Roles. As a result, DRC established user templates and automated workflows for governing access for 7,000 global employees. Today, DRC can provision new users in an hour. IT staff have greater control over who can access which applications and data. And the organisation has increased staff efficiency, boosted savings and simplified regulatory compliance.

Active Directory (AD) is the foundation of identity and access management (IAM) at most organizations and, as such, is probably the most crucial technology on the network. More and more systems and applications depend on AD and Azure Active Directory (AAD) for authentication, policy, entitlements, and configuration management. If AD is insecure, everything is insecure.

Most organizations implement technology to do things better, deliver higher value, fulfill their mission and become more agile. After all, technology should make things easier. But often it seems that many IT initiatives slow operations and hamstring agility.