ManageEngine ADSelfService Plus Reviews

It's mostly about keeping track of what's going on, such as passwords that are expiring and multiple login failures, and matching those failures with our third-party applications that do external monitoring from a security perspective.

At the moment, monitoring is one of the most valuable features for us. 

When I look at something like a server or a user who has an unsuccessful login, all they're giving me is what is from the domain controllers. When I click on the analytics portion that says give me information, it doesn't tell me what application is errored out. It doesn't tell me; it just tells me what is the same information from the domain controller. I'd like a little bit more robust information on actually giving me some useful information instead of some links that send me out to the Internet that says research here, and then I have to do additional research. It's kind of generic. And, basically, it's just a quick, I don't have to search through the domain controller logs, but once I pull those out, the logs are still very generic like you get from Microsoft. Area code four three one one. Okay. I had to go look that up. It doesn't take it any further than just a copy based on the domain controller.

I have been using this tool for a couple of years. 

The customer service and support team was good. 

Positive

The initial setup was straightforward. We just debated whether to keep it on the same server or put it on two different servers to get rid of the whole AD 360 interface and have two separate servers. It was just a little debate on how to utilize that.

Moreover, the solution requires just a little maintenance, mainly ensuring that everything is updated accordingly since we have a lot of ManageEngine products. It's important to update them in the right sequence during typical maintenance windows.

Overall, I would rate the product a nine out of ten. 

We struggled with the end users because most don't have the required IT background. They needed password resets for emails and accounts in the active directory. This created an issue for the help desk, and the system and ManageEngine ADSelfService Plus gave us a QR solution for the end users. Once an account is set up, you scan the QR code through Google authentication, Microsoft authentication or any program that can authenticate with the QR. You'll automatically generate a code that gives the port to reset or unlock your account very easily.

The solution provides wide options for multifactor authentication. It's Microsoft, Google, SMS, OTP and emails. Everything is possible through multifactor authentication, so it's an extra layer of security.

We need more reports for visualization for top management to understand the IT background of users and common user issues. It will also help us as an IT department eliminate user gaps.

We have been using this solution for less than six months and are using the latest version. It is deployed on-premises.

It is a very stable solution, especially regarding patching. Furthermore, they offer the knowledge base online, and everything goes smoothly without interruption once you follow it.

There is no room for scaling. It's only dedicated to a simple task to handle the request for the active director account, mail account, and unlock. We have about 6,000 users now. We are establishing new sites and plan to reach 10,000 users next year.

I rate the technical support an eight out of ten.

Positive

The implementation is very simple. There are no complex prerequisites, and it is just a simple EXE file. You install it, and it requires a couple of inputs and fields. Once you have filled it in, you just hit next, and the setup starts.

Deployment took less than an hour. Fine-tuning and integration depend on the business scope or needs. We need only one person for deployment and maintenance.

We are seeing a return on investment because we used to spend a lot of time setting up and unlocking accounts for a large number of users. With this solution, we just have to give an orientation and presentation on how to use ManageEngine ADSelfService Plus. Since we started using this solution, the number of tickets has reduced from almost 30% to 45% per month.

We did not evaluate other vendors

I rate this solution a nine out of ten. In the next release, we want our IT department to stop resetting and unlocking end-user accounts. This will make it the user's responsibility to reset and unlock their account, and it will be easier.

It is a simple solution, and I recommend allowing users to choose suitable multifactor authentication. It will help many users because most of them are unfamiliar with QR codes, and they have a lot of variables and variety, like OTP and SMS messages.

ADSelfService allows us to add multifactor authentication on our domain admin account. We only use one piece of a fairly extensive feature set. It does a lot of other things, but we're not going to be utilizing them. It is used exclusively for anyone with domain admin rights, which is a handful of service accounts and three administrators. They have to provide an extra one-time password.

Due to ransomware and novel threats, we can no longer allow people to gain domain admin access to our servers with only a username and password. With  MFA, they must supply a one-time password sent to them via some authenticator, like Microsoft or Google Authenticator. It could be a text message.

We've been working with ADSelfService for around a year.

ADSelfService has been highly stable. We're pleased with it.

ADSelfService is highly scalable.

ManageEngine's tech support is really good. I didn't call them. I just emailed them, and they responded within an hour.

We didn't have MFA for our server logins until we adopted ManageEngine. Price was the deciding factor. The economy is in the dumps, so our IT budget's pretty tight. We also needed something that could grow along with our company. If we ever need to enable MFA for all employees, it's already in place and ready to go.

Setting up ADSelfService was pretty straightforward, but it's such a feature-rich product, so it took us a little time to drill down to the things we wanted to do. It was nothing to complain about, and the documentation was superb.

Anything under 50 users is covered by their free license, so we don't have to pay for it. You download the trial version and once the trial is complete, it looks at the number of users. If it's less than 50, it just converts you over to a free version.

This is one of the reasons we are attracted to it. If we decide to implement it for all 200 employees, the solution is in place, but we would have to pay for a license. We may purchase a license at some point if we continue to grow.

We looked at a couple of solutions but never actually tried them.

I rate ManageEngine ADSelfService Plus 10 out of 10 for what we're doing. It's easy to set up, free to use and works flawlessly in our environment.

It integrates with ServiceDesk Plus. That's one of the benefits of using this product - most of their suites integrate, making it a one-stop-shop solution. I used it in my previous role, and it was particularly helpful in managing a large number of users, around ten thousand. It helped to reduce our ticket count.

The most valuable feature of ADSelfService Plus is that it allows users to self-service and cuts down on the number of password resets required.

The registration process could be improved. It should be easier for users to register for the service. That's the only area I would take away from it.

I would rate the stability a ten out of ten.

As the solution is user self-registration, it scales up as fast as the users are ready. So I would say it's very scalable.

I would rate it a nine out of ten.

Overall, I would rate it a nine out of ten.

* Enable users to change/reset their forgotten AD password by themselves.

* Enable users to unlock their AD account by themselves.

* Enforce more restricted password policies for AD users.

* Multi-factor authentication.

I've chosen to implement this product for a project where the users' computers are on a workgroup but they need to use an AD username and password to access resources hosted in AWS. Manage Engine AD Self Service Plus allow users to use their service even if their computers are not part of any active directory domain.  

It's very simple to manage and implement. Its functions are straightforward. You get all the basic features, such as you get the option to unlock the user account if it's locked. You can enforce password policies, and you also have the option to allow them to reset their passwords if they forget it. These were the basic requirements of my company that we could achieve through this product. 

They could improve their security of the products to prevent vulnerabilities.

There are additional features like Single Sign-On, and Mobile App enrollment which I have not used.

I've been using this product for five to six months.

I've not seen any issues. So far, it has been stable. Once you install it, it will not give you any trouble unless you make some changes.

It's scalable. There are many deployment options. If you want the on-premise option, you have that. If you want the cloud option, you have that option too. It's pretty good in terms of scalability.

I have installed this product on an EC2 instance. It's basically in the cloud. It's not on-premises because the server is in the cloud. It's an EC2 instance.

Their customer support is very fast.

Positive

This is the first time I'm using such a product. 

It's straightforward. I just purchased the license from their online portal using my corporate account and used their implementation guide to implement it myself.

In-house

You purchase the license for one time, and you can use it for a lifetime. The only thing is that in order to get support, you need to upgrade your product to the latest solution. You need to keep a support contract with them for which you have to pay some amount. It's a very small amount for renewing their support contract. Overall, it's very cost-effective.

I evaluated a couple of products. I evaluated Netwrix and a few others. I found ManageEngine to be more feasible for my requirement. I'm not sure if this is the best product, but it suits my requirements.

I was looking for a solution that would work even with workgroup computers. Netwrix only works in a domain environment. You can use this product only if your computer is in a domain. If your computer is in a workgroup, you cannot use this product. I had a requirement for the users whose PCs are in a workgroup, but need to access the services hosted in AWS through Active Directory credentials. I was able to achieve that by using this product.

If you are looking for a simple password reset solution and want to reduce your help desk calls, this is one of the best products. Your users can log in to the portal and reset their passwords.

I'd rate it a 10 out of 10.

We use this solution for MFA authentication for our computer users. We are customers of ManageEngine. I'm the head of IT.

The value of ADSelfService is being able to have multifactor authentication in Windows machines. 

The product is not user friendly compared to other solutions on the market. Azure MFA, for example, sends a notification that you click on. ADSelfService requires you to open the application and approve the login on the computer. It's more trouble than other solutions. 

The solution is generally very stable but we do get some errors and time delays that require uploading the login again which is frustrating.

The initial setup was easy. The only difficulty is understanding the architecture of the solution for all computers. Implementation takes around two weeks.

The price is reasonable, it's not very expensive.

The product is falling behind other solutions in this space. I rate this solution seven out of 10. 

The biggest use case is that we needed something to support our password-change policy on mobile devices. It is easy and straightforward for our in-house employees to change their login credentials but it is different for our mobile users. This is in part because some of our mobile users never come back into the office.

The specific challenge that we needed to solve was first providing the ability for mobile users to change passwords on their laptops, but in addition, have those credentials cached so that they could then use them remotely.

This solution has improved our security because our users can now change passwords on the fly.

The most valuable feature is the ability for remote users to change their login credentials using their mobile devices when out of the office.  Users are required to changed their passwords on a periodically.  Through the use of ADSelfService Gina service, they can change their password through Active Directory while outside their office and have the locally cached password on their laptop/desktop change at the same time.  This keeps their AD and locally passwords in sync.  

The setup process needs to be improved and made easier for the remote component because it is extremely difficult. Getting the VPN to work, based on the end user's configuration, took a very long time. It took weeks to get it properly set up to work successfully.

The worst part is that the solution can only be installed or updated on a device if it is physically connected to the local network. I can't even use their software, Desktop Central, to deploy it to a remote device. Consequently, I had to call in 150 people to physically bring in their laptops and install this on their machine.

Similarly, when a new version is released, I can't update it without getting these devices back in-house again. This is not only for cases where updates are those that the vendor releases but also with any changes that we make to the configuration. For example, if we made a change in the policy that modified it from 180 days to 190 days, they would not get that policy update until they physically connected to our network. The need to be plugged in and have a local subnet address in order for the change to be pushed.

With respect to maintaining security, I feel that it would be better to push software or updates out to a remote device, so that they are fully up to date at all times, rather than having to wait for people to visit the office and use outdated software in the interim. It can take perhaps four months to get somebody back into the office, which is a long time to use an outdated security product.

The main point of this solution was to have our remote users change their password within the timeframe that we specify in the security policy. So, it makes little sense that you can't install the software or push updates out to remote users.

We have been using ManageEngine ADSelfService Plus for about a year and a half.

The stability is great. We have had no issues and it works flawlessly for the most part.

Scalability-wise, I don't think that there are going to be any issues with it. We keep hiring and pushing it out to more and more people. We'll never hit the 10,000 user mark so we don't know about that kind of scale but for our 500 or so users, it has not been an issue.

The technical support is hit-or-miss. Sometimes you get somebody who really knows what they are doing and can solve your problem in five minutes. At other times, you get somebody and you can't even understand what they are saying. In cases like this, it takes two or three weeks to resolve the problem.

It is like this with most support systems, so it is not really a surprise.

I have resigned myself to using the chat feature for support. It takes a little bit longer but I can typically get a better answer and a more comprehensive response because I don't have to ask people to repeat themselves. It has worked out better for me, regardless of the increase in the time it takes. Overall, I have had more resolved using chat than with phone calls.

We did not use another solution prior to ADSelfService plus. It was part of our change in security posture over the past couple of years. Our struggle was finding a product that could do what we needed to do at our price point.

My understanding is that the initial setup and working with the configuration is not terribly difficult. It is fairly simple and fairly straightforward. The difficulty was having the software open a VPN through the SonicWALL firewall to create a NetExtender session, then allow the password to be changed on our system and finally cached on the laptop. It is an awesome feature to have but very difficult to set up.

The basic deployment to have the system work internally was easy and quick to do. It was an out-of-the-box solution. On the other hand, getting all of the remote users configured properly took us weeks to do.

Using this solution costs us about $1,200 USD per year. It is hard to beat $100 USD per month. There are no costs in addition to the standard licensing fees.

In order to better handle the pushing of updates to our more distant remote employees, I undertook a plan that is not supported by the vendor. I was able to set up a specific VPN connection to my cloud server for each of my remote offices, and then have the employees appear at one of those physical locations in person. Originally, they had to come back to this specific office and use our internal network.

Overall, this product is good if you have the patience to deal with the setup. My advice to anybody who is considering this solution is to first look at the whitepaper and ensure that what you are using for a VPN is compatible with the product. We were lucky in that they support the NetExtender VPN client that comes with SonicWALL. If you don't verify this then you might be disappointed to learn that the software works but it cannot be integrated with your firewall. Essentially, do your due diligence.

I would rate this solution a seven out of ten.

Incident management and asset management.

Helped establish basic standard processes for service ticketing and request management.

Incident management.

Asset management/discover and reporting.

We use the solution to reset passwords automatically. It is useful for companies that have many employees.

The solution enables agents to reset their passwords.

The price must be reduced. The cost must depend on the number of nodes.

I have been using the solution for five years.

It is not difficult to deploy the product. The deployment took a month. We are a large enterprise.

We can get a certification on the solution. We never had to contact support. It is a simple application. We also use a tool to decrease the number of incidents. I will recommend the tool to others. Overall, I rate the product a nine out of ten.