Review - Microsoft IAM Group Management Solution

  • Article

One of group management solutions is part of Microsoft Identity and Access Management Series and you can download from: https://www.microsoft.com/downloads/details.aspx?FamilyId=794571E9-0926-4C59-BFA9-B4BFE54D8DD8&displaylang=en or https://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx?mfr=true

The group management is a subset of "Provisioning and Workflow" in the series. The code is written in Visual Basic. In my environment, I don't have Sun One and Lotus Domino. So I simply commented out several lines of provisioning code for Sun One Directory and Lotus mailbox, and re-compiled the solution. After installation and configuration on MIIS/SQL/IIS servers and in AD, I added more HR sample data, and defined several simple query groups and family of attribute groups through the Web UI. Then, I ran the supplied batch file which called Group Populator and MIIS 2003 run profiles. Finally, all groups showed up in AD and everything worked as claimed in the doc.

Although I like this "product", I ended up with own group management solution from scratch due to limitations explained in Cons.

Pros:

  • Excellent and easy to follow documentation to explain all aspects of requirements, architecture, design, implementation, setup and operations.

  • Good quality of code (I didn't encounter bugs/errors myself)

  • Nice preview feature for simple groups in Web UI

  • Logic builder in Web UI to create attribute groups

  • Source code provided for customization

  • Free of Charge

Cons:

  • It works for single forest only and there is no way to get around to support multi-forests through code change.
  • It doesn’t build hierarchical groups by default. This could be resolved by code change but it is not an easy task.

Overall Rating:

7 out of 10

(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)