News

Active Directory Use Profiled in Study

• By Kurt Mackie
• June 04, 2010

IT pros mostly manage their Active Directory groups manually, according to an industry-sponsored study published late last month.

The study, conducted by Osterman Research in April for Livermore, Calif.-based Imanami, found that nearly 59 percent of participants manually maintained groups using Active Directory (AD). Another 33 percent said that they used a mix of manual and automated methods. Just eight percent used a purely automated system.

Osterman Research received surveys from 155 participants in organizations managing a mean of 750 e-mail users each. Survey participants either had to be AD users or knowledgeable about using AD in their organization.

AD is used as part of Windows to set up network permissions for users, such as granting access to folders and files. One of the points of the survey was to determine how "painful" it was to accomplish such tasks. Most respondents felt that updating groups in AD was "not too painful" (47 percent). Other responses to that question included "somewhat painful" (27 percent), "not painful at all" (16 percent) and "painful or very painful" (10 percent).

The pain points were indistinguishable between those manually updating AD groups and those using automated processes. "This tells us that current, automated methods of updating groups on AD do relatively little to alleviate the pain of group updates," the study concluded.

The study estimated that it was taking an IT administrator about 8.3 mean person-hours per 1,000 users to manage groups using AD. At a salary of $80,000 annually for an IT administrator, the cost for such AD support is about $16,600 per year. Imanami's interest in such details is that the company provides an automated identity management system for use with AD. Imanami is a Microsoft Gold Partner that specializes in group lifecycle management products supporting both AD and Microsoft Exchange.

Most organizations are using AD groups to grant access to folders and files (93 percent), systems (78 percent), group-level Group Policy Objects (73 percent) and sending e-mail to groups (66 percent). In addition, 56 percent of respondents said that they use AD groups to grant SharePoint access. Imanami sees this later finding as a reason for organizations to better enable real-time AD updates.

"As the amount of corporate content migrates to SharePoint, and as the consequences for data breaches become more severe, keeping groups updated in AD in a near real-time manner becomes crucial," said Robert Haaverson, Imanami's CEO, in a released statement.

The study is called "Survey Results for Imanami" by Osterman Research. Imanami describes the study's results in greater detail here.