NetPro Tracks Changes in Windows AD

 
 
By Cameron Sturdevant  |  Posted 2003-12-08 Email Print this article Print
 
 
 
 
 
 
 

NetPro's Directory Lockdown 3.0 tool eases management of Windows Active Directory.

NetPro Computing Inc.s Directory Lockdown 3.0 makes it easier than previous versions to get notifications when changes are made in an IT shop running Microsoft Corp.s Active Directory.

Although a tad pricey at $9 per user for a perpetual license plus a 20 percent annual maintenance fee, Directory Lockdown was a nice addition to the management tools we used in our Active Directory testbed. Significantly, this version added support for Microsoft Operations Manager, which let us forward alerts to the MOM console.

Version 3.0 builds on NetPros support for management consoles, including Hewlett-Packard Co.s OpenView NNM (Network Node Manager), which we also used in our Directory Lockdown tests. However, Directory Lockdown competitors such as Computer Associates International Inc.s Unicenter NSM (Network and Systems Management) Active Directory Management Option strive to interact with a wider array of third-party management consoles. eWEEK Labs recommends that IT managers put interoperability with network management consoles high on their check-off list.

EXECUTIVE SUMMARY
Directory Lockdown 3.0
NetPros Directory Lockdown makes short work of tracking and controlling changes in a Microsoft Windows Active Directory environment. Directory Lockdown 3.0 gives system managers two choices: complete control or a new alert-only agent that sends messages to the central management console only when Active Directory is changed. Directory Lockdown is priced at $9 per user for a perpetual license, plus a 20 percent annual maintenance fee.

KEY PERFORMANCE INDICATORS
USABILITY GOOD
CAPABILITY EXCELLENT
PERFORMANCE GOOD
INTEROPERABILITY EXCELLENT
MANAGEABILITY FAIR
SCALABILITY GOOD
SECURITY GOOD
  • PRO: New integration with MOM; supplants manually tracking Active Directory changes.

  • CON: Agents cannot be easily changed after installation.
  • EVALUATION SHORT LIST
    CAs Unicenter NSM Active
    We found it relatively easy to integrate Directory Lockdown with various management consoles, including OpenView NNM and MOM. We set up Directory Lockdown to send events to our Ipswitch Inc. WhatsUp Gold network monitoring tool via SNMP traps. We were able to get the messages from Directory Lockdown to WhatsUp Gold with only a few configuration missteps along the way.

    Current users of Directory Lockdown will notice that the new alert-only agent is like a scaled-back version of the complete response client that shipped with previous versions. We liked the alert-only agent because it sent a message when we made changes to our Active Directory environment without locking the Windows domain controller, as is the case with the complete response client.

    For example, we were able to get a notification when we changed Active Directory site characteristics without having to worry about also authorizing those changes in Directory Lockdown.

    Because Active Directory replication extends to the boundary of the network, which could encompass many Active Directory domain controllers, we liked the fact that system administrators could make changes without having to get approval. However, IT managers who want the extensive control and security provided by the complete response agent still have that option. Both agents have the same price.

    We installed Directory Lockdown in a testbed that was composed mainly of Windows 2000 servers, with a couple of Windows 2003 enterprise servers as well. We had to decide which of the two agents to install on our domain controllers. A single agent that can act either as a complete response agent or an alert-only agent and is configurable on the fly should be available sometime early next year, NetPro officials said.

    We scored the two-agent approach as a minus because we had to make deployment decisions that werent easy to change later in the tests. Until the single agent is available, we recommend that IT managers install the complete response agent on machines that have any chance of being a security risk. Active Directory domain controllers in trusted environments are good candidates for the alert-only agent.

    We liked the Directory Lockdown connector for MOM. Its clear to us that MOM is coming into its own for organizations that rely on Windows servers. Directory Lockdown is only the latest of several products—System Management Arts Inc.s InCharge is another—that can send alerts to the MOM console. This is a big advantage for system management staff because it means that Directory Lockdown is easy to integrate into an existing management platform.

    Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

     
     
     
     
    Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...
     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel