Bobel's Active Directory, Identity, Entitlement & Access Blog

Microsoft Azure addes PowerShell Management

Bob Bobel — Tue, 23 Feb 2010 18:00:36 +0000

Microsoft’s Azure cloud computing platform got a small update last week when they added PowerShell commands allowing users to manage services hosted on the platform. Ryan Dunn of Microsoft said on his blog that the pack called the Windows Azure Service Management cmdlets (WASM) were built to give people working with Azure an API to automate basic service managment tasks. http://dunnry.com/blog/WASMCmdletsUpdated.aspx

TEC 2010 ActiveRoles User Group

Bob Bobel — Tue, 16 Feb 2010 21:08:03 +0000

Following up on the US East Coast and Berlin User Group on April 28th, 2010 we are holding another ActiveRoles Server user group at the Quest’s The Expert Conference. For more detail go to http://www.theexpertsconference.com/agenda-speakers/quest-user-groups/

Quest AD PowerShell CMDLET BETA

Bob Bobel — Thu, 11 Feb 2010 20:00:03 +0000

I have had a lot of questions about when the next version of the ActiveRoles Management Shell for AD (a.k.a. Quest AD CMDLETs) would be released. I don’t have an exact date, but I wanted everyone to know that we are working on our next release and should have a beta in the next 60 days or so.

The focus of the next version will certainly have a security centric theme around certificate management as this seems to be an area that has not been effectively covered by anyone in PowerShell up to this point. I won’t go into details in this post, but I will provide another update next week with more details – so stay tuned!

New IE View for Firefox posted

Bob Bobel — Thu, 11 Feb 2010 15:53:58 +0000

If you are not familiar with this, he IE View add-in for FireFox allows Microsoft Internet Explorer pages to be rendered better within FireFox. At the end of January Paul Roub released a new version (IE View 1.4.5.1) to Mozdev.org to resolve questions about compatibility with FireFox 3.6.

Funny Google search

Bob Bobel — Thu, 11 Feb 2010 13:26:21 +0000

This is clever… wish I had thought of it. Go to Google and enter Find Chuck Norris then click I feel lucky.

Quick Connect for SAP Solutions – Tech Preview

Bob Bobel — Wed, 10 Feb 2010 20:00:04 +0000

Accompanying the Quick Connect 4.5 release last week we also made public a Technical Preview of our SAP connector. This connector will allow Quick Connect to directly pull authoritative SAP HR data and use it to provision other systems. This technical preview is pre-release software and as such should not be used in a production environment.

The connector will also provision base SAP accounts, set passwords for those accounts and assign SAP roles. In combination with ActiveRoles Self-Service Manager you can now allow people within your organization to request access to SAP modules/resources through the a approval driven self-service process.

ActiveRoles Server added to 115 UK schools!

Bob Bobel — Wed, 10 Feb 2010 00:09:21 +0000

I stumbled upon a really interesting article about how Unity Partnership (a venture between Mouchel and Oldham Councils in the UK) was deploying ActiveRoles Server to provide group provisioning and to control management rights for the staff and students. To read the article here.

Quick Connect and Quest Password Manager

Bob Bobel — Tue, 09 Feb 2010 20:00:00 +0000

Quest Password Manager is capable of integrating with Quick Connect to leverage its functionality and enable users, help desk operators, and administrators to more efficiently manage passwords across multiple data sources in the enterprise. When a user in Password Manager views their profile they can be given the option of individually changing individual passwords on Quick Connect connected systems or have those passwords synchronized with their Active Directory password. This provides a single location for users to manage all their enterprise passwords.

Quick Connect for Exchange Resource Forests

Bob Bobel — Mon, 08 Feb 2010 20:00:13 +0000

Last week I forgot to mention that we renamed our Exchange Resource Forest Manager module to Quick Connect for Exchange Resource Forests and updated it to support the latest version of Exchange and ActiveRoles Server. This module extends the multi-forest management capability of ActiveRoles Server to synchronize and provision accounts between a User Account Forest and the Exchange Resource Forest. Additionally, Exchange properties are projected from the Resource Forest onto the property pages of users in the User Forest for single point user account management.

Quick Connect 4.5 GA!

Bob Bobel — Fri, 05 Feb 2010 16:31:37 +0000

I am pleased to announce that later today, Quick Connect 4.5 will be made Generally Available (GA)to the public. You can now download the bits from http://www.quest.com/common/registration.aspx?requestdefid=20088.

What’s New: Password Synchronization – Quick Connect can synchronize passwords between Active Directory and some categories of connected systems. Active Directory and connected systems are governed by different access policies. Consequently, users need to maintain different user accounts and different passwords on these systems.

Maintaining several passwords on several different systems is a hassle for users and administrators. Quick Connect provides for Quick Connect Capture Agent to be installed on all domain controllers in the source Active Directory connections. Capture Agent tracks changes that were made to user password in Active Directory, and then Quick Connect Sync Engine synchronizes the passwords basing on this information.

What’s New: Re-designed Sync History Log – The Sync History feature of the application allows you to view reports on the performed synchronization workflow runs. The Sync History tab allows you to display a list of all performed synchronization workflows runs, and then view the report on the workflow run of interest. In addition to this possibility, the new version of the Sync History tab allows you first to filter the synchronization reports for all object pairs using some filter criteria, and then select the report to view.

What’s New: Additional Rules for Synchronizing Multi-valued attributes – In Quick Connect 4.0 we provided multi-attribute synchronization but we found we needed more options. Group and role assignments are often stored using multiple values in a single attribute and many traditional provisioning solutions are limited single value attribute provisioning . Flexible multi-value capability allows roles and groups to be synchronized between systems. For example, you may want to synchronize an SAP Role to an Microsoft Exchange Distribution List so you can easily email those individuals. Without multi-value capability coordinating such seemingly simple lists becomes very-very difficult.

Old School threats still persist

Bob Bobel — Wed, 03 Feb 2010 22:20:54 +0000

Great article in Network world about how companies are chasing the latest threats, but failing to mitigate the older security flaws. It was funny to see that applications exposed to the Internetthat were poorly protected was still happening in this day and age especially with all the two factor and other access protection technology widely available.

http://www.networkworld.com/news/2010/020310-old-security-flaws-still-a.html

SUN Identity Manager Customers SOL?

Bob Bobel — Fri, 29 Jan 2010 20:22:06 +0000

When IBM was bidding on SUN I posed the question… Question: What do you get if IBM acquires SUN? Answer: IBM. The same joke appears to be coming true now that Oracle is completing acquisition of SUN.

My colleague Jackson Shaw did a great job explaining the situation and sharing his incite on what this means to SUN customers. His blog is certainly worth the read. http://jacksonshaw.blogspot.com/2010/01/sun-idm-is-dead.html

Windows IT Pro Editor’s Choice: ActiveRoles

Bob Bobel — Tue, 26 Jan 2010 15:40:35 +0000

Eric Rux at Windows IT Pro magazine took on the job of installing and reviewing a bunch of AD Administration and Provisioning products to help readers select the most comprehensive and complete solution. Eric compared four different products and to me it was no surprise that ActiveRoles came out on top as the clear winner.

What is our secret? Simple, customer driven development, strong expertise and a team that is passionate about their work.

http://windowsitpro.com/Windows/Articles/ArticleID/103318/pg/4/4.html

Quick Connect 4.5 Goes Gold!

Bob Bobel — Tue, 19 Jan 2010 15:16:46 +0000

Following up on our highly successful 4.0 release, 4.5 went gold last week. We are now going through the internal processes needed to release the product to the public next month.

The biggest news about this release is that Quick Connect can synchronize passwords between Active Directory and connected systems. Active Directory and connected systems are governed by different access policies. Consequently, users need to maintain different user accounts and different passwords on these systems. Maintaining several passwords on several different systems is a hassle for users and administrators. Quick Connect now provides a Password Capture Agent to be installed on all domain controllers in the source Active Directory connections. The Capture Agent tracks changes that were made to user password in Active Directory, and then Quick Connect Sync Engine synchronizes the passwords basing on this information.

Also new in this release:

Updated design of history log to allow better searching and filtering
Additional rules for synchronizing multi-value attributes
Various improvments and resovled issues

We had a excellent year in 2009 and with this hot new release of Quick Connect I anticipate an even better 2010.

How you can personally help Haiti

Bob Bobel — Fri, 15 Jan 2010 12:03:02 +0000

You can donate $10 to the Red Cross by texting Haiti to 90999.

This is really-really cool and it appears that $5M has already been raised; a billion will probably be needed. Once you send the txt message, you will get a message back asking you to confirm your donation to which you must reply YES before the $10 is added to your phone bill. http://www.redcross.org/

If someone else pays your phone bill (like if you have a company phone) you may want to donate a different way. For example, The company I work for, Quest Software partnered with Iridium to donate a bunch of Satellite phones and airtime to Haitian officials to coordinate relief efforts. And another example is a video from Jimmy Buffett created to raise awarness about the Red Cross’s text message donation program. The way I look at it, this could be my family needing help.