One Identity Active Roles vs Quest Change Auditor for Active Directory comparison

One Identity and Quest Software are both solutions in the Active Directory Management category. One Identity is ranked #1 with an average rating of 8.5, while Quest Software is ranked #7 with an average rating of 9.0. One Identity holds a 6.9% mindshare in ADM, compared to Quest Software’s 6.7% mindshare. Additionally, 100% of One Identity users are willing to recommend the solution, compared to 100% of Quest Software users who would recommend it.

One Identity Active Roles

Read 25 One Identity Active Roles reviews

3,787 Views
1,250 Comparison Views

100% willing to recommend

Quest Change Auditor for Ac...

Read 1 Quest Change Auditor for Active Directory review

732 Views
688 Comparison Views

100% willing to recommend

One Identity Active Roles

Quest Change Auditor for Ac...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between One Identity Active Roles and Quest Change Auditor for Active Directory based on real PeerSpot user reviews.

Find out what your peers are saying about One Identity, Netwrix, ManageEngine and others in Active Directory Management.

To learn more, read our detailed Active Directory Management Report (Updated: July 2025).

Buyer's Guide

Active Directory Management

July 2025

Download the complete report

Helped 861,490 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

One Identity Active Roles

Ranking in Active Directory Management

1st

Average Rating

8.6

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

User Provisioning Software (5th), Non-Human Identity Management (NHIM) (5th)

Quest Change Auditor for Ac...

Ranking in Active Directory Management

7th

Average Rating

9.0

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of July 2025, in the Active Directory Management category, the mindshare of One Identity Active Roles is 6.9%, down from 7.4% compared to the previous year. The mindshare of Quest Change Auditor for Active Directory is 6.7%, down from 8.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Active Directory Management

Featured Reviews

Grzegorz Kosela

solution architect/ engineer at APEX.IT Sp. z o.o.

Task automation simplifies user and delegation management while offering a customizable interface

Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly. The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer. The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it. It's helped increase operational efficiency by 50%. It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively. We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access. It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times. We've just integrated with our HR system. It helps us follow activated and deactivated users. I'd rate the granular controls on offer ten out of ten. We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface.

Read full review

RémyMAURAS

Microsoft 365 Consultant at Metsys

Real-time notifications and protection for Active Directory accounts with good documentation

The primary use case is to manage human errors, like protecting identities from being modified by the software, and to audit security. This includes monitoring high-privilege accounts and having the ability to back up previous values if unauthorized modifications occur in the Active Directory…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."

"The access templates help set up granular permissions and the web portal to manage Active Directory."

"We have eased the burden on the support desk and reduced the risk of them doing something they shouldn't."

"The solution is stable."

"Active Roles improved the management of users, groups, and AD objects in the organization."

"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."

"Active Roles helped increase operational efficiency in our organization."

"It gives us attribute-level control and the AD management features work very well."

More One Identity Active Roles pros

"The most valuable features are the ability to protect Active Directory accounts and groups, and the real-time notifications that help manage Active Directory more effectively."

Cons

"For the AAD management feature, it needs to improve the objects that we can manage and the security."

"I know they have increased support for Entra ID and mentioned providing support for AWS. A way to connect to various directories and integrate with cloud directories would be beneficial."

"For mid-sized to small companies, I do not know if it would be that useful, considering the tool's purpose."

"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."

"Customer support is rated six. Sometimes having a fix for a bug takes too much time. While in production, issues tend to take a while to resolve."

"The possibility to request group membership, similar to the past, was disabled and moved to Identity Manager."

"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."

"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."

More One Identity Active Roles cons

"Areas that could be improved include having more management capabilities with command-line scripts and more flexibility in general."

Pricing and Cost Advice

"The pricing is on the higher end."

"It's expensive."

"The licensing model is a simple user-based model, not that much complicated."

"The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment."

"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."

"The pricing for Active Roles is expensive but not as expensive as other solutions like Okta."

"It's fairly priced."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Active Directory Management solutions are best for your needs.

See recommendations

861,490 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

11%

Healthcare Company

Government

Financial Services Firm

17%

Computer Software Company

12%

Insurance Company

Healthcare Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about One Identity Active Roles?

The solution is stable.

See all answers

What is your experience regarding pricing and costs for One Identity Active Roles?

The product is expensive, but if you want to save money, the delegation set-up process is quite easy. After setting up Active Roles once, defining the delegation model, it is very efficient, almost...

See all answers

What needs improvement with One Identity Active Roles?

One area for improvement would be the Entra ID side, including better delegation for Entra ID objects and more granular permissions. We would also like to see better Entra ID license management usi...

See all answers

What is your experience regarding pricing and costs for Quest Change Auditor for Active Directory?

The price can vary based on the components purchased and the needs and budget of the organization. It is considered a bit pricey, especially for smaller companies.

See all answers

What needs improvement with Quest Change Auditor for Active Directory?

Areas that could be improved include having more management capabilities with command-line scripts and more flexibility in general. Often this type of tool could benefit from better scripting capab...

See all answers

What is your primary use case for Quest Change Auditor for Active Directory?

See all answers

Comparisons

ManageEngine ADManager Plus vs One Identity Active Roles

Compared 15% of the time

SailPoint Identity Security Cloud vs One Identity Active Roles

Compared 15% of the time

One Identity Manager vs One Identity Active Roles

Compared 11% of the time

Microsoft Entra ID vs One Identity Active Roles

Compared 9% of the time

Softerra Adaxes vs One Identity Active Roles

Compared 6% of the time

More One Identity Active Roles Competitors

Netwrix Auditor vs Quest Change Auditor for Active Directory

Compared 45% of the time

ManageEngine ADAudit Plus vs Quest Change Auditor for Active Directory

Compared 26% of the time

Tenable Identity Exposure vs Quest Change Auditor for Active Directory

Compared 14% of the time

CrowdStrike Falcon vs Quest Change Auditor for Active Directory

Compared 9% of the time

ManageEngine ADManager Plus vs Quest Change Auditor for Active Directory

Compared 7% of the time

More Quest Change Auditor for Active Directory Competitors

Product Reports

Buyer's Guide

One Identity Active Roles

June 2025

Download One Identity Active Roles product report

Buyer's Guide

Active Directory Management

July 2025

Quest Change Auditor for Active Directory report

Download Quest Change Auditor for Active Directory product report

Also Known As

Quest Active Roles

No data available

Overview

One Identity Active Roles is a highly regarded solution for Active Directory (AD) security and account management. One Identity Active Roles will enhance group, account, and directory management while eradicating the need for manual processes. The end result is a significant increase in the overall speed, efficiency, and security of the organization.

Using One Identity Active Roles, users can:

Easily increase and strengthen native attributes of Active Directory (AD) and Azure AD.
Quickly unify and automate group and account management while protecting and securing critical administrative access.
Free up valuable resources to concentrate on other IT tasks, fully confident that your user permissions, critical data, and privileged access are safe and secure.

Managing accounts in AD and Azure AD can be tremendously challenging; continually keeping these important systems safe and secure presents an even greater challenge. Traditional tools can be inefficient, error-prone, and very disjointed. In today’s robust marketplace, organizations are finding it somewhat difficult to keep pace with the constant access changes in a hybrid AD ecosystem. Additionally, there are significant security issues to consider (government compliance, employee status/access changes, and other confidential business requirements). And, of course, there is a requirement to properly manage Active Directory and Azure Active Directory access in addition to managing all the other numerous SaaS and non-Windows applications that organizations use today.

Users can easily automate all of these tedious, mundane administrative tasks, keeping their systems safe and error-free. Active Roles ensures users can perform their job responsibilities more effectively, more efficiently, and with minimal manual intervention. Active Roles was created with a flexible design, so organizations can easily scale to meet your organizational needs, today, tomorrow, and in the foreseeable future.

Reviews from Real Users

A PeerSpot user who is a Network Analyst at a government tells us, “It has eliminated admin tasks that were bogging down our IT department. Before we started using Active Roles, if one of our frontline staff members deleted a user or group, it could take several hours to try to reverse that mistake. Whereas now, the most our frontline staff can do is a deprovision, which just disables everything in the background, but it's still there. We can go in and have it back the way it was two minutes later. Instead of it taking two hours, it only takes two minutes.”

Becky P., Sr Business Analyst at George Washington University, shares, “In addition, with the use of workflows and the scheduled tasks, we were able to automate and centrally manage a number of the processes as well as utilize them to work around other product limitations. Those include, but are not limited to syncing larger groups, which have 50,000 plus members, to Azure AD. We sync up to Azure AD using ARS. If we had not already had ARS in place, it would have been impossible for us to have done so in the time period we did it in. We did it in under six months. ARS probably saves us at least two weeks out of every month. It's reduced our workload by 50 percent, easily.”

One Identity

With Quest Change Auditor for Active Directory, you can ensure the security, compliance and control of both on-premises AD and Azure AD from a central location. Track, audit, report and alert on all key configuration changes and consolidate them in a single console — without the overhead of turning on native auditing.

Quest Software

Sample Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies

American Airlines, Bank of America, BARCLAYS, ebay, Ford, intel, MARS, MERCK, Microsoft, UBER, VISA

Buyer's Guide

Active Directory Management

July 2025

Download Free Report

Find out what your peers are saying about One Identity, Netwrix, ManageEngine and others in Active Directory Management. Updated: July 2025.

DOWNLOAD NOW

861,490 professionals have used our research since 2012.

See our list of best Active Directory Management vendors.

We monitor all Active Directory Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.