Suppose a large company wants to introduce distributed administration, but wants to avoid the large costs involved in training their Help Desk and business units to correctly use complex administrative tools. In this situation, there is the need for an easy-to-use tool, to control what actions the Help Desk and business units can perform, and to enforce company policies and procedures.
Active Roles allows organizations to create Managed Units and to designate Trustees over those Managed Units. Trustees only see the objects to which they have access. They are given only the rights they need for the objects within these Managed Units, down to individual properties. Unlike native Active Directory organizational units, Managed Units provide virtual boundaries that span across domains and forests, offering more flexible delegation capabilities.
Delegating limited control over Managed Units efficiently eliminates the need for high-level administrative user ID's, allowing organizations to securely distribute administrative authority to local management. To improve network security and make distributed administration safe, Active Roles defines and enforces customizable administrative polices.
Active Roles allows organizations to safely implement administration for business units. If a company has a number of different business units, each of equal importance and each located in a separate office, a single network administrator could support all of the sites. Active Roles allows the company to create a single Managed Unit, giving an administrator control over users and resources that span multiple domains.