Active Directory Object Manager (ADOM), by Synergix, helps organize and secure computer and user objects in a Microsoft® Windows™ Active Directory environment, enabling organizations to better manage Active Directory and meet their SOX, SEC and HIPAA compliance requirements.

Key Benefits

Enforcing Password Policy on VPN users

It is typical that most third party (Cisco, MCI, Nortel etc.) VPN client users log into their computers using cached credentials and then fire up the VPN client to gain access to corporate resources. Under this scenario, neither the Security log on the domain controller(s) nor the Last Logon attribute of the user object is updated. Under these circumstances, an audit of the Active Directory environment can report VPN users as inactive users. This scenario can make SOX, HIPAA and other compliance exercises laborious and costly.

With ADOM, VPN users logging in with cached credentials and later connecting to corporate resources are tracked in the Active Directory Security logs (just like LAN-connected desktop and laptop users), and the Last Logon attribute is updated as well. This enables IT auditors to generate more accurate usage reports and take appropriate actions to stay compliant with industry IT security requirements.
Group Policy Objects

VPN segments

It is typical that in many VPN environments the user logs in using cached credentials. In such cases, the Group Policy Objects will not be applied unless the computer remains connected to the corporate network for an extended period of time. With ADOM, the Group Policy Object updates occur as soon as the user establishes a VPN connection to the corporate network.

Security Filtering

Desktop class and laptop class computers are added to appropriate groups in Active Directory, i.e. 'Chassis Type - Desktops' and 'Chassis Type - Laptops'. These two groups can be used to assign a GPO at the domain level and use the Security Filtering option to apply the policy to the appropriate computer objects only.
Security Policies

Password Expiration Notification

Password policies, specifically the password expiration policy, can cause access issues for VPN users (logging in using cached credentials). When their password is about to expire, they do not receive the password change notification, which ultimately results in their account being locked out. This typically gets resolved by the users having to call the help desk to have their password reset.

With ADOM, VPN users (logging in with cached credentials) are prompted for a password change and presented with a custom dialog box to change the Active Directory password. Customers can also customize a web page that can be launched from this form to prompt users to change their password on other systems (such as the VPN client password and other non-AD applications such as Oracle, eRooms, SAP etc.).
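As an added illustration (not ADOM's code, and not how ADOM implements its dialog), the check below computes how much time a user's Active Directory password has left, using the ActiveDirectory PowerShell module. It reads the constructed attribute msDS-UserPasswordExpiryTimeComputed, which the domain controller derives from pwdLastSet and whichever password policy applies to the user, so it is correct even when fine-grained password policies are in use. The 14-day warning threshold and the idea of running it from a task triggered once the VPN tunnel is up are this example's assumptions.

```powershell
# Added example; not ADOM's code. Requires the ActiveDirectory RSAT module and
# read access to the user object.
Import-Module ActiveDirectory

function Get-PasswordExpiryStatus {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$WarnDays = 14    # assumed threshold; align with your notification policy
    )
    # msDS-UserPasswordExpiryTimeComputed is a constructed attribute: the DC
    # derives it from pwdLastSet and the effective (default or fine-grained)
    # password policy, so it has to be requested explicitly.
    $u = Get-ADUser -Identity $SamAccountName `
        -Properties 'msDS-UserPasswordExpiryTimeComputed', PasswordNeverExpires, PasswordExpired
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'

    $expires  = $null
    $daysLeft = $null
    if ($u.PasswordNeverExpires -or $raw -eq [int64]::MaxValue) {
        $prompt = $false       # policy exempts this account from expiry
    } elseif (-not $raw) {
        $prompt = $true        # 0: already expired, or "must change at next logon"
    } else {
        $expires  = [datetime]::FromFileTime($raw)
        $daysLeft = [math]::Floor(($expires - (Get-Date)).TotalDays)
        $prompt   = ($u.PasswordExpired -or $daysLeft -le $WarnDays)
    }
    [pscustomobject]@{
        User         = $u.SamAccountName
        ExpiresOn    = $expires
        DaysLeft     = $daysLeft
        ShouldPrompt = $prompt
    }
}

# Usage, e.g. from a scheduled task that fires after the VPN connection is up:
# $s = Get-PasswordExpiryStatus -SamAccountName $env:USERNAME
# if ($s.ShouldPrompt) {
#     Write-Warning "Your domain password expires in $($s.DaysLeft) day(s); change it now."
# }
```

The built-in Windows expiry balloon is shown during an interactive domain logon, which is exactly the step a cached-credential VPN user skips; a check like this, run once the tunnel is established, gives that user the warning before the account reaches the lockout described above.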
Computer Object Management

Domain Membership

Users with elevated privileges may remove their computers from the domain for non-business, experimental purposes, or for business reasons such as product demonstrations at client sites, tradeshows or conferences. ADOM helps maintain domain membership. If the computer object in the Active Directory domain becomes defunct, or the user removes the computer from the domain and puts it in a workgroup or another domain (at home, an internet cafe, etc.), the computer rejoins the domain the next time it is put back on the corporate network. All this is achieved without granting the user elevated privileges on his/her workstation or in the Active Directory environment.

Hostname

Original hostname information can be retained. When a user with elevated privileges decides to change the hostname, it is rolled back to the original hostname when the computer is put back on the corporate network.

Description

The description attribute of the computer object can be customized and maintained dynamically, e.g. "John Smith, OS Version = 5.1, AV Definition = 5/7/2007 Rev 25".

Managed By / Primary User

The 'Managed By' attribute of the computer object is updated and can be used to link the computer object to the primary user's user object.

Organize by Chassis Type

Computer objects are moved within the Active Directory environment and organized in an Organizational Unit that reflects the Chassis Type (Desktops or Laptops) and is set relative to the OU where the user object resides.

+ Finance
    + Users     - If the primary user's user ID exists here,
    + Desktops  - desktops are automatically moved here, and
    + Laptops   - laptops are automatically moved here.
+ Printers
+ Servers

User Object Management

Account Expiration

Systems Administrators can easily keep track of dormant accounts by enabling the user Account Expiration feature. Microsoft Active Directory allows only a static entry for Account Expiration; ADOM, however, dynamically updates it based upon a preconfigured value. For instance, the Systems Administrator can grant 7 days of access from the last successful login. This feature allows system administrators to expire dormant user accounts, thus safeguarding corporate data from unauthorized use. Active users continue to have access to Active Directory resources without any interruption.
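The two user-object behaviours described on this page, the dormant-user audit under "Enforcing Password Policy on VPN users" and the dynamic Account Expiration just above, both depend on knowing the true last successful login. The added example below (not ADOM's code; it uses the ActiveDirectory PowerShell module and assumes read/write rights on the users under the given OU) shows the check a practitioner needs to get that right: lastLogon is written only on the domain controller that authenticated the user and is never replicated, and the replicated lastLogonTimestamp is refreshed only when the stored value is roughly 9 to 14 days old, so a 7-day grace period built on a single DC's value or on LastLogonDate would expire users who are actually active. The 90-day inactivity threshold and the OU path in the usage lines are this example's assumptions.

```powershell
# Added example; not ADOM's code. Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# Newest lastLogon across every DC. lastLogon is not replicated; each DC keeps
# only the logons it authenticated itself, so the max over all DCs is the truth.
function Get-TrueLastLogon {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $newest = $null
    foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
        try {
            $raw = (Get-ADUser -Identity $DistinguishedName -Server $dc -Properties lastLogon).lastLogon
        } catch { continue }                     # unreachable DC: skip, do not fail the run
        if ($raw -gt 0) {
            $t = [datetime]::FromFileTime($raw)
            if (-not $newest -or $t -gt $newest) { $newest = $t }
        }
    }
    return $newest
}

# Audit view: enabled users that look dormant. A user who only ever signs in with
# cached credentials over VPN lands here even if the laptop is used daily, which
# is the false positive the text describes; review the list, do not auto-disable.
function Get-DormantUserReport {
    param([Parameter(Mandatory)][string]$SearchBase, [int]$InactiveDays = 90)
    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    Get-ADUser -Filter { Enabled -eq $true } -SearchBase $SearchBase -Properties whenCreated |
        ForEach-Object {
            $last = Get-TrueLastLogon -DistinguishedName $_.DistinguishedName
            $anchor = if ($last) { $last } else { $_.whenCreated }   # never logged on: use creation
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                LastLogon      = $last
                Dormant        = ($anchor -lt $cutoff)
            }
        }
}

# Dynamic account expiration: accountExpires = last successful login + $GraceDays.
# Each run moves the date forward for users who logged in, so active users never
# reach it; users who stop logging in expire once the grace period runs out.
function Update-DynamicAccountExpiration {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SearchBase, [int]$GraceDays = 7)
    $users = Get-ADUser -Filter { Enabled -eq $true } -SearchBase $SearchBase `
        -Properties AccountExpirationDate, whenCreated
    foreach ($u in $users) {
        $last = Get-TrueLastLogon -DistinguishedName $u.DistinguishedName
        if (-not $last) { $last = $u.whenCreated }
        $target = $last.AddDays($GraceDays)
        # Skip when the stored expiry already matches (within FILETIME rounding).
        if ($u.AccountExpirationDate -and
            [math]::Abs(($u.AccountExpirationDate - $target).TotalMinutes) -lt 1) { continue }
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, "Set accountExpires to $target")) {
            Set-ADAccountExpiration -Identity $u.DistinguishedName -DateTime $target
        }
    }
}

# Usage (dry run first; paths are constructed for this example):
# Update-DynamicAccountExpiration -SearchBase 'OU=Finance,DC=example,DC=com' -GraceDays 7 -WhatIf
# Get-DormantUserReport -SearchBase 'OU=Finance,DC=example,DC=com' | Where-Object Dormant
```

Querying every user on every domain controller is deliberately thorough rather than fast; for a large forest, run it per OU on a schedule. Note that the expiry routine only ever reads logons that reached a domain controller, so it inherits the cached-credential blind spot from the first section: without something that records the VPN user's logon in the directory, the grace period for such users counts down from whenever they last authenticated on the LAN.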
Group Objects

Computer Groups

ADOM maintains computer object membership in a group that easily differentiates the computer based upon Chassis Type. For instance, all desktop class computers are added to the 'Chassis Type - Desktops' group and all laptop class computers are added to the 'Chassis Type - Laptops' group. This feature allows the systems administrator to configure Group Policy Objects and enable them using the Security Filtering option, making use of the chassis-specific groups.
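The Security Filtering, Managed By, Organize by Chassis Type and Computer Groups sections all hinge on one classification step: deciding whether a machine is a desktop or a laptop and then placing its computer object accordingly. The added example below (not ADOM's code) shows that step end to end with the ActiveDirectory PowerShell module and CIM: it reads the SMBIOS chassis code from Win32_SystemEnclosure, maintains membership in the two 'Chassis Type - ...' groups, sets managedBy to the primary user, and moves the object into the Desktops or Laptops OU beside the user's own OU, following the Finance/Users/Desktops/Laptops tree shown above. The set of chassis codes treated as "laptop", the assumption that the user sits in an OU named Users directly under the department OU, and the example names are this example's assumptions.

```powershell
# Added example; not ADOM's code. Needs the ActiveDirectory RSAT module, CIM
# access to the workstation, and rights to change group membership, managedBy
# and the location of computer objects.
Import-Module ActiveDirectory

# SMBIOS chassis codes (Win32_SystemEnclosure.ChassisTypes) treated as laptops:
# 8 Portable, 9 Laptop, 10 Notebook, 14 Sub Notebook, 30 Tablet, 31 Convertible,
# 32 Detachable. This set is an assumption of the example; extend it for your fleet.
$LaptopChassisTypes = @(8, 9, 10, 14, 30, 31, 32)

function Get-ChassisClass {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $types = (Get-CimInstance -ClassName Win32_SystemEnclosure -ComputerName $ComputerName).ChassisTypes
    # A machine may report several codes; any laptop code classifies it as a laptop.
    if ($types | Where-Object { $LaptopChassisTypes -contains $_ }) { 'Laptops' } else { 'Desktops' }
}

function Set-ChassisPlacement {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$PrimaryUserSam
    )
    $class    = Get-ChassisClass -ComputerName $ComputerName
    $computer = Get-ADComputer -Identity $ComputerName
    $user     = Get-ADUser -Identity $PrimaryUserSam

    # 1. Group membership is what GPO Security Filtering keys on; keep the object
    #    in exactly one of the two chassis groups.
    $target = "Chassis Type - $class"
    $other  = if ($class -eq 'Laptops') { 'Chassis Type - Desktops' } else { 'Chassis Type - Laptops' }
    if ($PSCmdlet.ShouldProcess($ComputerName, "Add to '$target', remove from '$other'")) {
        Add-ADGroupMember    -Identity $target -Members $computer
        Remove-ADGroupMember -Identity $other  -Members $computer -Confirm:$false -ErrorAction SilentlyContinue
    }

    # 2. Link the computer to its primary user through managedBy.
    if ($PSCmdlet.ShouldProcess($ComputerName, "Set managedBy to $PrimaryUserSam")) {
        Set-ADComputer -Identity $computer -ManagedBy $user
    }

    # 3. Move the object to the Desktops/Laptops OU that sits beside the user's OU:
    #    CN=jsmith,OU=Users,OU=Finance,DC=...  ->  OU=Laptops,OU=Finance,DC=...
    $userOu   = ($user.DistinguishedName -split ',', 2)[1]   # drop the CN= RDN
    $deptOu   = ($userOu -split ',', 2)[1]                   # drop OU=Users (assumed layout)
    $targetOu = "OU=$class,$deptOu"
    try { $null = Get-ADOrganizationalUnit -Identity $targetOu } catch {
        Write-Warning "Target OU '$targetOu' does not exist; leaving $ComputerName in place."
        return
    }
    if ($computer.DistinguishedName -notlike "*,$targetOu" -and
        $PSCmdlet.ShouldProcess($ComputerName, "Move to $targetOu")) {
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $targetOu
    }
}

# Usage (names constructed for this example; -WhatIf previews every change):
# Set-ChassisPlacement -ComputerName 'FIN-LT-017' -PrimaryUserSam 'jsmith' -WhatIf
```

Keeping the object in exactly one chassis group matters for Security Filtering: a machine left in both groups would receive both the desktop and the laptop policy. The OU move is guarded by an existence check so that a department without a Laptops or Desktops OU produces a warning rather than a misplaced object.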