Are you still managing network group memberships manually?
Automate Your Active Directory Group Lifecycle Management
Groups change. Employees come and go, departments are re-organized, teams are created and disbanded.
With updates automated according to policies you define, accurate membership and data security are ensured.
GoupSymmetry automates the management of groups in Active Directory based on group-specific policies, making manual IT tasks a thing of the past. With scheduled group synchronization and real-time updates, groups are always accurate and information is always secure.
Get a Free 30-Day Trial
Product Demo Videos
Tired of reading? Check out our videos!
Here are a few reasons:
- Scripts must be run periodically either on a schedule or manually. GroupSymmetry is a system process that constantly monitors Active Directory and takes action immediately.
- Scripts tend to be more difficult to understand and modify. The GroupSymmetry browser-based interface provides the means of creating, editing, and previewing GroupSymmetry policies.
- GroupSymmetry makes use of a persistent work queue to ensure that membership operations are retried as appropriate in the event of a network outage, problems in Active Directory, or other situations that might cause scripts to fail.
We use an identity management system to put people in groups, why would I need to look at Groupsymmetry?
There are a number of reasons:
- Adding or editing rules in an IDM system can be challenging for a network administator and a hassel for an IDM administrator. GroupSymmetry allows an organization to offload these responsibilities and also ensure that problems are not inadvertently introduced through human error.
- In many organizations, the identity management system is operating under strict change-control processes. Making changes for a new group or adding exceptions may be delayed or otherwise impracticable given the time constraints that typically accompany group membership need requests. GroupSymmetry is a dedicated system for automating group membership and through a simple Web interface is likened more to an administrative tool for the purposes of change management.
- When group membership rules are established using an identity management system, there is often no way to retroactively apply the rules to adjust the group membership.
By definition, each GroupSymmetry policy applies to a single group and therefore does not inherit down to subgroups of a nested group. This makes the use of GroupSymmetry impractical with nested groups, except for the child groups themselves, whose membership can be managed with the product perfectly well.
What if I change my mind about who should be in a group after Groupsymmetry has been managing that group?
Simply change the GroupSymmetry policy definition for the group and save it. GroupSymmetry will make appropriate adjustments to the membership at that point.
Shadow Groups are a concept in Active Directory where a group is supposed to “shadow” or mirror an Organizational Unit with respect to that group’s membership. This methodology is used as a means of granting a permission or giving an assignment to everyone in the Organizational Unit. There is no automated methodology of maintaining this membership. This is a major reason why GroupSymmetry exists.
No. GroupSymmetry requires no Active Directory schema extension to operate.
Exceptions are defined directly as part of the GroupSymmetry policy using explicit “Include and “Exclude” lists.
GroupSymmetry can use any Active Directory user attribute setting as a factor for including or excluding a user in a group. GroupSymmetry also supports additional non-standard user attributes that are added from extending the Active Directory schema in individual customer environments.
The GroupSymmetry evaluation license lets you create 10 policies. The software is valid for 30 days starting from the day you download the evaluation license.
Absolutely. “Account Disabled” is not an actual standalone attribute in Active Directory, but rather part of a bitmask attribute called “userAccountControl” where a single bit indicator is used. GroupSymmetry breaks this commonly used information out into its own synthetic attribute for easy use in defining a GroupSymmetry policy.
Senergy can assign shared storage areas (also known as collaborative storage) to Active Directory groups. When GroupSymmetry adds new members to a group managed through a Senergy collaborative storage policy, Senergy grants access to the shared storage area. Likewise, when GroupSymmetry removes a member from a group, File Senergy removes the user’s access to the shared storage area.
Another common example of interaction between the two products is through an inactive users group. When a user is disabled, Groupsymmetry adds the user to the inactive users group. The associated Senergy inactive users’ policy then moves the users’ personal storage to vault location and removes access rights.