Skip to main content

Netwrix Directory Manager v11.1 Documentation

Managing directory objects (for example, Active Directory users and groups) can be a challenge: Employees move locations, change departments, and start new groups all the time. As a result, IT professionals are faced with the daunting task of continually managing and updating security and distribution groups — often having to do so manually.

Directory Manager is an IAM solution that makes it easy to stay on top of all the changes, requests, and requirements that IT sees every day.

Functions

Directory Manager works with a directory service, such as Active Directory and Microsoft Entra ID, to facilitate the following:

  • Group management
  • User management
  • Entitlement management
  • Password management

Group Management

Directory Manager offers administration and automation features for directory groups. You can:

  • Define rules to manage group memberships dynamically as changes occur within your organization.

  • Automate group lifecycle through membership attestation, auto expiry, and deletion.

  • Link identical groups in different directory services, such as Active Directory and Microsoft Entra ID.

  • Create hierarchy-based nested groups to mirror the geographical, organizational, and managerial structure of your organization.

  • Delegate group management to end users by enabling them to:

    • Create and manage their own groups
    • Create teams and channels in MS Teams
    • Join and leave the membership of groups

User Management

With Directory Manager, you can:

  • Automate user provisioning and deprovisioning in bulk.

  • Establish ownership by defining a clear managerial hierarchy with dotted line management.

  • Delegate user management to end users by enabling them to:

    • Create and manage users, contacts, and mailboxes in the directory.
    • Manage their direct reports.
    • Update their profiles in the directory.

  • Link identical users in different directory services, such as Active Directory and Microsoft Entra ID.

Entitlement Management

Stay informed on the permissions assigned to objects residing on your Active Directory file servers and SharePoint sites.

  • View entitlements from both an object’s perspective and a resource’s perspective.
  • Evaluate entitlements to limit users and groups to the least privileges.
  • Manage entitlements by assigning necessary permissions, modifying permissions, and revoking unnecessary permissions on the go.

Password Management

Different password management functions are available for administrators, helpdesk, and end users.

  • Administrators can define stringent password checks, such as disallow passwords starting with, ending with, or containing certain words or phrases; define regular expressions to set a syntax for allowed passwords; and even specify a list of disallowed passwords using an external file.
  • Users can reset their own passwords and unlock their own accounts after passing multifactor authentication.
  • Helpdesk can reset passwords and unlock accounts for users after authentication.