Hey, guys. Eric Hibar with One Identity here. So any company that has Active Directory knows that groups are the best way to organize users, computers, and really any other AD object for a variety of purposes. Security and distribution groups are used across the forest to control access to resources, applications, send email, delegate privileges, and much, much more.
Groups are so heavily used in some organizations that there can be more groups than users sometimes. Unfortunately, managing AD group membership using native tools can quickly become overwhelming. Microsoft gives some capabilities to automate group memberships, but only if you really want to have an aneurysm writing LDAP queries.
To further complicate matters, most cybersecurity insurance policies and compliance standards mandate that group memberships need to be regularly reviewed and certified; otherwise, massive penalties could ensue. Your business and processes need to evolve.
It's obvious how critical these groups are, so a plan should be put into place to assess the state of your directory. Get a lay of the land, so to speak. Use third-party reporting tools if needed, but get a clear, definitive picture of what is, so that you can create an accurate vision of what the future state of your directory will look like. Plan the work, work the plan. That's all.