2 of the most important object types in Active Directory are also the most poorly understood and managed. I’ve seen this over and over again creating vulnerabilities, hassles with auditors and compliance problems.
Organizational Units are containers. Groups are not. A user or computer account in AD can only be in one OU but it can be a member of many groups.
But more importantly the purpose of OUs and groups are very different. Primarily, groups are for giving an account access to resources and OUs are for managing objects within AD in terms of policy and privileged access.
OUs are a simple tree hierarchy much like folders in a file system, while groups are leaf objects. Groups however do support nesting, which when used correctly can allow you to do powerful things like role-based access control, but I frequently see careless group nesting creating nearly invisible vulnerabilities with privileged access.
In this webinar, I’ll help you thoroughly understand the differences between OUs and Groups and their respective purposes.
I’ll also show you what it takes to manage these and other objects in AD safely and effectively. It requires visibility into current and past state, detection of changes and collection of permission assignments throughout the distributed Windows/AD environment.
Manja Kuchel and Alexis Horn from SolarWinds will briefly show you how Access Rights Manager and Log & Event Manager create a common-sense security framework, based on three basic concepts, that will help IT professionals solve the security challenges they face on a day-to-day basis.
Please join us for this real training for free session.