What is your primary use case for One Identity Active Roles?

One Identity Active Roles serves as our centralized Active Directory administration platform for identity lifecycle management, including automated user provisioning, delegated administration, role-based access control, workflow automation, and compliance management.A specific example of One Identity Active Roles implementation is automating employee onboarding where new users are automatically created with correct organizational unit placement, group membership, permission assignments, and policies based on their department or job roles.

My main use case for One Identity Active Roles is for Active Directory user management, access control automation, and user provisioning and de-provisioning. I use One Identity Active Roles to automate new user creation when a new employee joins, where the required AD account, groups permissions, and mailbox access are assigned automatically based on their roles or department. I use One Identity Active Roles day-to-day for many use cases to reduce manual work, so it improves access management efficiency and makes user administration faster and more secure; that is mainly how One Identity Active Roles helps in my day-to-day work.

My main use case for One Identity Active Roles is centralized Active Directory administration and identity lifecycle management, including automatic user provisioning and deprovisioning, delegating administration, role-based access control, policy enforcement, and workflow automation to improve security, compliance, and operational efficiency. A specific example of using One Identity Active Roles to automate user provisioning is automatic employee onboarding, where new users are automatically created with the correct OU placement, group membership, permission, and policy based on their department or role, reducing manual efforts. Additionally, I use One Identity Active Roles for delegated administration, password management, approval workflows, group management, and auditing Active Directory changes, which helps improve security, reduce administrative workload, and maintain compliance.

Our main use case for One Identity Active Roles is Active Directory management, user provisioning, and access control automation. We use it to simplify repetitive administrative tasks and enforce role-based access policies across the organization. In day-to-day work, one common example is onboarding new employees. Instead of manually creating accounts and assigning permissions in Active Directory, One Identity Active Roles automates the process through predefined templates and workflows. When HR submits a new employee request, the tool automatically creates the user account, assigns the correct group, mailbox, permission, and OU placements based on the employee's department and role. This has reduced manual efforts, minimized configuration errors, and improved compliance and auditing.

One Identity Active Roles is my primary tool for provisioning and de-provisioning user access so that we can utilize resources properly. We use it to provision user access to different systems based on business requirements. We use One Identity Active Roles for provisioning and de-provisioning the roles and responsibilities of users so that they can utilize the tool or software according to business requirements.

My main use case for One Identity Active Roles is for centralized Active Directory administration and life cycle management; most of the day-to-day activities revolve around user provisioning, account modification, and modification group management, access delegation, and handling the joiner mover leaver process. One common example of how I use it for user provisioning in my daily work is during new employee onboarding; when HR shares the employee details, we use predefined templates in One Identity Active Roles to create user accounts with standard attributes such as department, designation, email format, and reporting manager, and based on the employee's role, the required security groups are automatically assigned instead of adding everything manually.

My main use case for One Identity Active Roles is Active Directory user and group management with automation and delegated administration. For example, in daily work, I use it to automate user provisioning, deprovisioning, manage security group access, and enforce naming and compliance policies across AD environments.

Our main use case for One Identity Active Roles is centralized Active Directory management and user provisioning. It helps automate user account creation, group management, role-based access control, and administrative tasks while improving security and reducing the manual workload for IT teams. One common use case for One Identity Active Roles is onboarding new employees. Our team uses it to automatically create Active Directory accounts, assign the correct groups and permissions based on their job roles, and apply standardized policies. This reduces manual configuration errors and speeds up the provisioning process for the IT teams.

One Identity Active Roles is primarily used for centralized Active Directory management, user provisioning, and automated access control. It streamlines user account creation, role-based administration, group management, and policy enforcement while reducing manual administrative effort and improving security compliance. A common day-to-day use case involves onboarding new employees. One Identity Active Roles automated user account creation, group assignments, mailbox setup, and permission allocation based on department rules. This process was previously manual and time-consuming, but One Identity Active Roles reduced setup time significantly and helped avoid configuration mistakes and permission inconsistencies. Integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward. The solution integrates very well with Microsoft-based infrastructure and directory services, although the initial configuration and policy setup required careful planning and technical expertise for smooth deployment.

One Identity Active Roles is used primarily for managing Active Directory, including user provisioning and group management. When a new employee joins, I use One Identity Active Roles to automatically create their AD account, assign them to groups, and apply policies, all with proper approvals. Apart from basic user provisioning, I use One Identity Active Roles daily for managing and controlling Active Directory permissions in a structured way.

My main use case for One Identity Active Roles is to simplify and secure the management of Microsoft Active Directory. In day-to-day work, it is mainly used for automating user lifecycle tasks such as creating, modifying, and disabling user accounts. Instead of doing everything manually, we can use workflows and policies to ensure it is done consistently. Automation with workflows and policies in One Identity Active Roles has really reduced the amount of repetitive manual work I used to do in Microsoft Active Directory. Earlier, tasks such as user creation were completely manual. I had to create the account, assign groups, set attributes, and double-check everything. It was time-consuming and easy to miss something. Now with workflows and policies in place, most of that is automated. For example, when a new employee joins, I just trigger the process or it comes through a request. The workflow automatically creates the account, applies the correct naming convention, assigns groups based on the role or department, and even routes approval if needed. Along with automation and diligence, one more important thing I would highlight is governance and compliance with One Identity Active Roles. Every change in Microsoft Active Directory is tracked, so we are always having a clear audit trail. That becomes really useful during audits or security reviews because we can easily show who made what changes and when. Also, the ability to enforce least privilege access is a big advantage. Instead of giving broad admin rights, we can tightly control permissions, which reduces risk. Overall, beyond just making tasks easier, it adds a strong layer of control, security, and visibility of AD operations.

I have been using One Identity Active Roles for approximately three to four years as a part of my role as a Senior System Administrator, where I gain hands-on experience in implementing and managing One Identity Active Roles for centralized Active Directory administration, including creating and managing access templates, configuring role-based access control, automating user provisioning and de-provisioning processes, setting up approval workflows, enforcing policies, and delegating administrative tasks securely, along with troubleshooting synchronization issues and integration with existing AD infrastructure to ensure compliance, operational efficiency, and reduced manual effort in a large enterprise environment. My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment. In my daily work, I use One Identity Active Roles to automate user onboarding and offboarding processes, where new users are automatically created with correct permissions, group memberships, and policies based on their role, and during offboarding, accounts are disabled and access removed instantly, which helps me to reduce manual effort, improve accuracy, and ensure better security and compliance.

One Identity Active Roles serves as the primary tool in our organization to streamline and secure Active Directory management by automating administrative tasks, enforcing governance policies, and reducing the risk of human error. It helps us delegate access control efficiently through role-based administration, ensuring that the right users have the appropriate permissions without granting excessive privilege. Additionally, it enhances compliance by providing detailed auditing, reporting, and approval workflows for changes made within the directory, which is especially important for maintaining security standards and regulatory requirements. Overall, it improves operational efficiency, strengthens our security posture, and simplifies identity and access management across the organization. A practical example from our daily use of One Identity Active Roles is our automated user provisioning process, where it is configured with policies and workflows that trigger as soon as a new employee is added to our HR systems or Active Directory. The system automatically assigns the correct group membership, email access, and permissions based on their roles and department, while also enforcing naming conventions and security rules simultaneously. Privileged access requests, such as adding a user to admin groups, go through an approval workflow that requires managerial authorization and is fully logged for auditing. This approach not only saves significant manual effort for the IT team but also ensures strict governance, consistency, and compliance without relying on individual administrators to remember every policy. Our main day-to-day use of One Identity Active Roles revolves around simplifying and controlling Active Directory operations through delegated administration and policy-based management. We allow helpdesks or junior IT staff to handle routine tasks such as user creation, password resets, and group modifications without giving them full domain access, ensuring security is never compromised. Simultaneously, we rely heavily on its built-in workflows and approval mechanisms for sensitive changes, such as privilege escalation or access to critical systems, which ensures every action follows a defined governance process and is properly audited. Its automation capabilities help maintain consistency in user attributes, enforce compliance policies, and reduce manual errors, making it an essential tool that keeps our identity management efficient, secure, and aligned with organizational standards on a daily basis. The workflow automation and auditing features of One Identity Active Roles have made a clear impact in our daily work, especially in handling access requests and compliance tracking. When a user needs elevated privileges, the request automatically goes through a predefined approval workflow instead of relying on manual emails, ensuring proper authorization before any changes are made and every action is logged with full details. This becomes extremely useful during audits or troubleshooting because we can quickly track who made what changes and when, reducing investigation time and improving accountability. This approach also removes the dependency on manual follow-ups and minimizes the risk of unauthorized access.

I have been working in the cybersecurity field for about one year using One Identity Active Roles. One Identity Active Roles is used for Active Directory management and user lifecycle management, including tasks such as user provisioning, group management, and enforcing access policies in a controlled and automated way. When a new employee joins, I use One Identity Active Roles to create the user account with predefined templates and automatically assign the required groups and permissions, ensuring consistency and saving time. Similarly, when someone leaves, I can quickly disable the account and remove access. Password resets and access requests represent another scenario related to our main use case, where Active Directory allows us to delegate tasks securely to help desk teams without giving full admin rights, reducing the workload on admins and ensuring proper control and auditing.

My main use case for One Identity Active Roles is to simplify and automate Active Directory management. I use it for user provisioning, group management, and to handle access requests more effectively. It helps reduce manual effort and ensures consistency in user account changes. One Identity Active Roles automates access requests through a predefined workflow. For example, when a new employee joins, their manager can request access via a simple form. The system automatically assigns the required groups based on their role and approvals are handled within the workflow, so no manual intervention is needed from the IT team. The delegation feature lets us assign specific admin tasks to different teams without giving full domain access. This maintains security while still allowing teams to manage their own users. It also gives us better visibility through auditing and reporting.

One Identity Active Roles serves as the centralized Active Directory user and group management solution in our organization. We primarily use it for automatic routine identity administration tasks like user provision, role assignment, and group management, which reduce the need for manual Active Directory changes. A good example in our organization is employee onboarding in Active Directory using One Identity Active Roles. When a few employees join, instead of the IT team manually creating a user account and assigning permissions, the process is triggered through predefined rules and roles based on an employee's department, for example, finance or IT, and One Identity Active Roles handles this automatically. One Identity Active Roles has become a daily operational control point for identity governance in our organization and environment. Beyond onboarding and role changes, we use it regularly for day-to-day identity administration tasks like resetting and managing user accounts in a controlled way, delegating limited administrative rights to different IT teams, and tracking and auditing every directory change for compliance purposes.

My main use case for One Identity Active Roles is to automate and secure user lifecycle management in Microsoft Active Directory, which helps reduce manual administrator efforts, enforce policies, and enable delegated administration with proper governance. For internal role changes, One Identity Active Roles updates access rights through control workflows, ensuring least privilege access. During employees' exits, accounts are automatically disabled and access is revoked. To maintain security, I use delegations to allow helpdesk teams to reset passwords and manage basic user attributes without giving full administrative rights. Approval workflows are implemented for sensitive access requests, ensuring compliance and audit readiness. One Identity Active Roles centralizes and automates identity and access management for Microsoft Active Directory environments, primarily used to streamline user lifecycle management, enforce security policies, and enable role-based access control through delegated administrators. The solution helps reduce manual intervention and administrative tasks such as user account creation, modification, and deactivation, ensuring that access provisioning follows standardized workflows with proper approval, improving governance and compliance. Additionally, One Identity Active Roles provides auditing and reporting capabilities, which help organizations track changes, maintain compliance, and enhance overall security posture.

One Identity Active Roles simplifies and automates user account management in Microsoft Active Directory environments, helping me reduce manual efforts, improve accuracy, and enforce standardized access control processes. The primary tasks I rely on it for are user provisioning and de-provisioning, password resets, account unlocks, group membership management, and handling joiner, mover, and leaver processes. One practical example of how I use One Identity Active Roles for user provisioning is during new employee onboarding. When HR shares the joining details, I use One Identity Active Roles to create the user account through a predefined provisioning template. The template automatically populates attributes such as department, manager, email alias, OU placements, and required security group membership based on the employee's role. For example, if a user joins the finance team, selecting the finance template automatically assigns the correct access groups, mailbox settings, and naming standards. This saves time, avoids manual errors, and ensures the user gets the right access on day one. In addition to onboarding and offboarding, another key use case with One Identity Active Roles is access modification during internal role changes. When an employee moves from one department to another, I use One Identity Active Roles to update the user profile and align access rights with the new role. It helps remove old permissions and assign new group membership through predefined roles, which reduces the risk of excess access.

My main use case for One Identity Active Roles is to handle end-to-end identity life cycle process from user provisioning when an employee joins to modification during role changes, and secure de-provisioning when they leave. This ensures consistency, reduces manual error, and improves operational efficiency. Another key use case is policy-based administration. We enforce standardized naming conventions, attribute validation, and security policy across all AD objects. This helps maintain a clean and compliant directory structure. We also rely heavily on delegation and role-based access control, allowing teams like HR or service desk to perform specific activities without giving them full administrative rights. This improves both security and scalability. Additionally, One Identity Active Roles is used for workflow automation and approval, where access requests or changes go through predefined approval teams. This strengthens governance and ensures audit readiness. Overall, the main goal is to reduce manual effort, improve security, and enforce compliance.

One Identity Active Roles simplifies and automates user and group management in Active Directory. It helps reduce manual work, manage permissions more securely, and ensure proper access control. Overall, it improves efficiency, reduces errors, and strengthens security in identity management. A recent example of how we use One Identity Active Roles day-to-day is during user onboarding. Whenever a new employee joins, instead of manually creating accounts and assigning permissions, we use One Identity Active Roles to automate the process. We select the role or department, and it automatically creates the user, assigns the right groups, and provides correct access. This saves a lot of time and also avoids mistakes such as giving wrong permissions. It makes the process faster and more secure.

When a new user is created, predefined rules automatically apply naming standards and assigned groups. This reduces manual tasks while ensuring consistency across all operations. It prevents and avoids mistakes during the account setup.

One Identity Active Roles is used for automated user lifecycle management and delegated administration across AD environments and infrastructure. When a new employee joins the organization, their account is created automatically based on their department, post, and location, eliminating manual work. When an employee moves to a different department, their access is automatically updated to reflect their roles. During the onboarding process, data is fetched from HR tools, and based on this fetched data, the access needed for employees is automatically assigned and sent. Whenever a user moves to a different department, their posts are automatically updated and reflected in their roles.

One Identity Active Roles is used day to day for centralized user management and user provisioning, group management, enforcing role-based access control, creating automated users, and notifications. One Identity Active Roles is used for managing group membership and controlling access efficiently. Organizations having multiple employees can consider this solution to manage their employees' usernames and credentials, onboard users, and manage their access. I highly recommend all organizations to consider this as one of the best solutions.

One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control. If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday. This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data. A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

One Identity Active Roles is used primarily to simplify and automate Active Directory user and permission management. The solution automates routine tasks such as account creation, password reset, and permission assignments. It improves security by controlling access and providing auditing capability. A centralized dashboard allows for efficient management of users and permissions from one place. One Identity Active Roles automates repetitive tasks that would otherwise require manual effort and time. When onboarding new employees, the tool automatically creates user accounts based on predefined templates. It assigns the correct group membership and permissions according to the employee role without manual intervention. This automation reduces errors and speeds up the processes. One Identity Active Roles ensures that security policies are consistent across the organization.

One Identity Active Roles is used for provisioning and directory management.

My main use case for One Identity Active Roles is managing Active Directory. I use One Identity Active Roles to manage Active Directory by adding users to groups. When I'm adding users to groups with One Identity Active Roles, we sometimes do it manually, and sometimes we automate depending on the task. There are some automations in place for simple tasks such as adding people to distribution groups, but for more complex and sensitive tasks, they are done manually where a ticket comes in ServiceNow, and then we respond to that ticket manually by adding the people and then approving it.

One Identity Active Roles is used for delegated access. It helps with RBAC controls and allows us to manipulate across our facilities which OUs in Active Directory they can manage, along with dynamic groups and keeping the ability where folks don't have to use ADUC and they can just use a delegated management overlay tool to not delete groups and not delete OUs and not inappropriately move objects across containers. Regarding the ease or difficulty of managing on-premises and cloud-based identity directories through a single pane of glass, we leverage One Identity Active Roles from strictly the on-premises space. Being able to leverage it from a delegated access perspective, the console itself is very clean. It looks very similar to Active Directory Users and Computers, which legacy, long-time IT people are used to. So that outline from a UI perspective makes things seamless. People don't even know that One Identity Active Roles is actually a product and not just a built-in native solution for Windows, which is very key for us. Regarding One Identity Active Roles' ability to provision and de-provision resources in directories such as AD and Azure AD, it is very seamless. From a permission standpoint, it is a right-click de-provision user and having that recycle bin to quickly uncover or recover is very useful. It is very seamless. It is not the best from a change history standpoint as far as quantifying those logs, but it is nice to see that this object was de-provisioned on X day by a user, and it can quickly be restored in the event that was a mistake. About group membership management in One Identity Active Roles, I have already discussed how you can delegate groups with OUs and naming conventions through the complex IT teams that we have in our organization. From a group membership standpoint, we can manage groups and delegate that access across the organization from our enterprise service level that can do password resets versus our identity engineering team who has full domain admin in the console that can manipulate those access templates and make adjustments accordingly.

One Identity Active Roles is used primarily to manage and provision AD user and group accounts, delegate access more securely, and enforce role-based control. We also use it to automate new joiner, mover, or leaver workflows, apply policy-based approval, and maintain audit and compliance reporting across various customer environments. For example, One Identity Active Roles is used for user provisioning. When a new AD user is created, One Identity Active Roles automatically places the account in the correct OU, applies naming rules, and assigns role-based group membership based on its department. If privileged access is requested, it enforces approvals and logs the change for audit compliance. Day-to-day, One Identity Active Roles is used to delegate AD tasks safely to the service desk team, automate routine user group changes, and enforce policy-based controls so changes are consistent and auditable across multiple customer environments.

I am one of the resellers for One Identity Active Roles, so that is the reason I downloaded it. One Identity Active Roles is generally used in complex IT setups where Active Directory plays a critical role and organizations have many compliances and mandates to be followed. For example, in India, we have many banking customers who are governed by the Reserve Bank. In the US, you have the Central Bank or Federal Bank; in India, we have something called a Reserve Bank. All the big financial sectors have to follow the mandates and compliance provided by them. Identity solutions come into that part as well. So to make sure that everybody has the right amount of access and nobody has all access, One Identity Active Roles plays a critical role over there. In India, this kind of requirement mainly comes from regulated entities or regulated enterprises. So they prefer the on-premises solution for One Identity Active Roles. We have not had a customer in the past who has gone through the cloud solution. They want everything to be hosted on their premises. Since I have not come across the cloud-based installation yet, I cannot comment on that piece, but on-premises is what they look for in the current setup which we provide.

I use One Identity Active Roles primarily for identity management. We use it for managing multiple domains from a single interface, and the domains do not have trust between them. It has been used by multiple support teams, such as the service desk or the identity access management team for account creation, modification, and management of accounts. It is mostly focused on account creation, modification, deletion, and AD objects.

The main use case is the Active Directory delegation. We have many different entities within our organization, and we needed to delegate some Active Directory capabilities, such as creating users, updating users, deleting users, groups, and computers.

We use One Identity Active Roles for the delegation of Active Directory administration to local entities.

My use case is to gain better visibility into what has happened in One Identity Active Roles. It is to automate processes. When people are leaving, joining, or changing roles in our business, it is done automatically without manual work.

My use case is for task automation, such as user provisioning, deprovisioning, delegation provisioning, and rights delegation. It simplifies the management of users and groups.

We use it for various purposes, such as automating tasks in an Active Directory environment.

We use it extensively. Our help desk and all the end users or administrators use it. It was being used for user provisioning, but we have now automated some of the functions. Earlier, when it was being manually done, we had set up all the templates for the end-user provisioning and de-provisioning.

I am an implementer for the product. I install Active Roles for companies.

We use Active Roles to bring our decentralized environment into a single pane of glass. Our entire customer base is in a single directory, and they can manage their objects without interfering with other entities in our environment.

We use the solution for managing access to, shared drives and access for Active Directory.

We're using it for identity management, including the creation of accounts and synchronizing them with our HR system.

The solution is used for lifecycle management and can be deployed on-prem or cloud.

We use Active Roles as a single point to manage all our users. We're using all of the system's management capabilities, like setting group policies and delegating roles. We have around 1,400 users and 25 or 30 admins. The company uses Active Roles as a standalone solution because we don't have HR or ERP systems connected to applications. We aren't using it to migrate from Active Directory to Azure AD. We use a Microsoft solution called AD Sync. We had this functionality before implementing Active Roles, but we hope to get that improved connectivity to Azure AD and Exchange Online.

We started using Active Roles because we wanted protection against user errors by our frontline service desk. We have an on-premises solution.

Our primary use case for ARS is for the ease of delegating administrative access and the ability to limit direct access to the domain controllers. Those were the primary purposes for purchasing it. We do much more with it now, probably more than anyone else. We're still working through that primary use case. But in addition to that, over the course of the last seven years, we've been able to leverage ARS to allow us to do a lot more and be more efficient. We use it for dynamic groups. We automatically group users together by department, reporting structure, etc., to leverage them for access, authorization, and authentication. And we automatically group computer objects for management authorization. We have also started leveraging ARS as an identity platform. It was an interim solution until we move over to our final solution, for which we're going through vendor selection right now. The way we use it for identity is that we use custom scripts and workflows and scheduled tasks. We were able to migrate off of our legacy identity platform and move everything we currently do into ARS. While migrating to ARS, we also implemented role-based access for the administrative users and customized views for each role in ARS, in the web interface. So if you're a level-one support, you only see the tasks that you are allowed to do, versus if you're a full-blown administrator, you see everything. In addition, we use it for account creation at the university. We expose native Azure AD user group properties to assist with support increase. We provision and de-provision applications, and we create the necessary reports.

We use Active Roles to facilitate the synchronization between our Active Directory environment, SAP, and our school information system which is Trillium. Trillium and SAP feed data for employees and students into the Active Directory. We use password managers to manage passwords and provide us with three sets of passwords and options for our users.

We are using Active Roles for provisioning Active Directory objects and we also use it to connect, through Active Roles Synchronization Service, to our HR system and to provision and deprovision employees. In general, we use it to provision any object: security groups and computer objects, in a delegated manner. Active Roles Server allows the security of Active Directory to be changed to delegate access for provisioning to different IT teams, without changing the actual security of Active Directory. The solution is co-located in our data centers.

Our primary use case has definitely evolved since our very first use case, which was for delegation of rights within Active Directory without having to give folks native rights through Active Directory. That was our biggest driving factor into the use of Active Roles. All the other stuff that it does is a benefit, and we use it all heavily. However, we're very big into using the least privileged model and having the least amount of Active Directory native rights out there, as this cuts down on issues later. By having less people with native Active Directory rights, this cuts down on potential issues that we have to troubleshoot. It is used in our on-prem Active Directory, but the servers themselves are hosted out of Azure. So, we use IaaS, which is just having VMs in the cloud versus having our VMs on-prem. The only cloud aspect is that VMs are hosted in the Azure IaaS instance. It's a normal VM, which is part of our on-prem Active Directory, but it just happens to be hosted in Azure.

We use ARS to manage multiple domains. Our organization owns over thirty companies and we needed a tool that would give us the ability to apply consistent access rules across all of the businesses.

* It is mainly for delegation of permissions inside the domains for large companies. * It is for provisioning and deprovisioning users in the Active Directory (AD) and their licenses in Office 365.

We use it to lock down the interface between helpdesks and Active Directory.

We primarily use it for delegation access permissions, to helpdesks for example. We use it to automate certain things, like onboarding new users, deprovisioning leaving users, or when we add somebody to a group it triggers some kind of automation workflow. Lastly, we use it to sanitize data entry, to make sure that the first letter of the street name is capitalized, certain zip codes are allowed, others aren't; it's a type of data control.

RBAC for AD and Exchange Provisioning, Re-provisioning, De-provisioning and Undo-De-Provisioning of user accounts User Self Service Virtual AD firewall