1
00:00:06,430 --> 00:00:14,920
In smaller AD DS deployments consisting of a single domain and forest, built-in tools such as the Active

2
00:00:14,920 --> 00:00:22,960
Directory Administrative Center or Active Directory Users and Computers management console are generally

3
00:00:22,960 --> 00:00:31,810
sufficient for managing the associated user, group, and computer objects in your organization.

4
00:00:31,810 --> 00:00:39,730
However, as the administrator of a complex AD DS environment, you will be managing millions of objects

5
00:00:40,000 --> 00:00:47,760
across multiple forests and domains, which makes tasks increasingly tedious and difficult

6
00:00:47,800 --> 00:00:55,510
if they are rather the only tools that are available to you. In these situations, you might need to implement

7
00:00:55,510 --> 00:01:04,840
advanced identity management processes to handle the various issues associated with administration.

8
00:01:04,840 --> 00:01:12,740
Let's consider the following scenarios. First scenario is user management. In complex AD DS

9
00:01:12,740 --> 00:01:13,630
deployments,

10
00:01:13,750 --> 00:01:22,900
it is generally not feasible for an administrator to maintain user objects manually. Tasks such as creating

11
00:01:23,170 --> 00:01:24,700
new user accounts,

12
00:01:24,820 --> 00:01:33,790
updating a user's department, or provisioning an Exchange Server mailbox should generally be handled by

13
00:01:33,790 --> 00:01:41,740
an automated workflow that is initiated by the authoritative data source.

14
00:01:41,740 --> 00:01:50,320
For example, you might decide to create AD DS user accounts automatically in a specific domain for

15
00:01:50,320 --> 00:01:56,740
new employees based on data from your organization's HR application.

16
00:01:56,740 --> 00:02:01,990
If the employee's department changes in the HR application,

17
00:02:01,990 --> 00:02:10,030
you might want the same change to reflect on the corresponding AD DS user object. Handling these

18
00:02:10,030 --> 00:02:18,850
tasks using an automated workflow is generally more efficient and less prone to human error.

19
00:02:18,850 --> 00:02:26,620
The next scenario is group management. Similar to managing user objects manually, managing groups in

20
00:02:26,620 --> 00:02:36,790
complex AD DS deployments can present several challenges. Because group membership changes might often

21
00:02:36,790 --> 00:02:38,980
require authorization,

22
00:02:39,010 --> 00:02:47,170
you might decide to delegate management of group objects to a designated individual or group

23
00:02:47,170 --> 00:02:48,660
of individuals.

24
00:02:48,670 --> 00:02:58,390
However, for those who are not administrators, managing group objects might not be an intuitive process.

25
00:02:58,390 --> 00:03:06,370
In some cases, delegating management of groups might still result in inefficiencies that could be

26
00:03:06,370 --> 00:03:09,070
better handled by automation.

27
00:03:09,070 --> 00:03:18,130
For example, role-based access in your organization might depend on what department a user object is

28
00:03:18,130 --> 00:03:19,350
assigned to.

29
00:03:19,510 --> 00:03:28,000
Rather than manually maintaining a security group for each department in the organization, using automation

30
00:03:28,000 --> 00:03:35,400
to update group memberships based on the user's assigned department might be more efficient.

31
00:03:35,410 --> 00:03:44,530
The next scenario is user self-service. Implementing user self-service for tasks such as account unlocking

32
00:03:44,830 --> 00:03:53,710
and password resets can help you alleviate much of the administrative overhead that is associated with

33
00:03:53,920 --> 00:03:56,220
complex AD DS deployments.

34
00:03:56,370 --> 00:04:02,490
Another scenario is certificate management. In a typical AD DS deployment,

35
00:04:02,590 --> 00:04:10,020
you might have one Active Directory Certificate Services certification authority per forest.

36
00:04:10,030 --> 00:04:18,400
Therefore, in complex AD DS deployments with multiple forests, you might have multiple certification

37
00:04:18,400 --> 00:04:21,860
authorities to manage. In this situation,

38
00:04:21,950 --> 00:04:30,400
maintaining the required templates, automatic enrollment policies, and certificate revocation

39
00:04:30,730 --> 00:04:36,490
of the provision to users across multiple forests can be a challenge.

40
00:04:36,490 --> 00:04:43,750
Another scenario is identity syncing. As organizations become more cloud-based,

41
00:04:43,750 --> 00:04:53,410
you might need to sync user identities with cloud services such as Azure Active Directory to use offerings

42
00:04:53,410 --> 00:05:00,200
such as Microsoft Office 365 for multi-factor authentication.

43
00:05:00,220 --> 00:05:08,910
You might also have multiple on-premises authentication stores for legacy line-of-business applications

44
00:05:09,180 --> 00:05:17,370
that necessitate syncing user data so that it is consistent in each service.

45
00:05:17,370 --> 00:05:26,490
Now some words about Microsoft Identity Manager 2016. To address many of the scenarios above, you might

46
00:05:26,490 --> 00:05:36,000
consider deploying an identity and access management platform such as Microsoft Identity Manager or

47
00:05:36,240 --> 00:05:44,380
MIM. MIM 2016 can seamlessly make your existing AD DS identities cloud-ready.

48
00:05:44,400 --> 00:05:53,750
It also provides powerful user self-service capabilities and enhanced security features to support

49
00:05:53,760 --> 00:05:58,170
your on-premises or hybrid infrastructure.

50
00:05:58,200 --> 00:06:08,280
It is cloud-ready identities: MIM 2016 can automatically prepare AD DS identities for syncing with

51
00:06:08,340 --> 00:06:18,740
Azure Active Directory by standardizing AD DS user attributes and values. It is user self-service: MIM

52
00:06:18,810 --> 00:06:28,380
2016 allows users to unlock their accounts or reset their password by using multi-factor authentication.

53
00:06:28,380 --> 00:06:38,160
It also allows users to create and maintain groups by using workflow approval, and it supports certificate management

54
00:06:38,160 --> 00:06:48,700
for multiple-forest scenarios. And memos about enhanced security: PAM in MIM 2016 uses a separate

55
00:06:48,700 --> 00:06:55,650
AD DS forest to provide additional time-bound security of administrator accounts.