Problem:An administrator noticed issues with users being denied access to resources and always had to reset their passwords. The problem was that the size of the domain was huge. It had over 100 domain controllers and close to 70 administrators with varying levels of access.
He had been auditing several aspects of AD management on all of their domain controllers, but going through logs to find a subset of security events would mean scouring tens of thousands of events. This would have been virtually impossible.
Solution:Active Administrator allowed him to filter these logs and provided a simple means to find out what was going on, even prior to the time the product was installed. It turned out that a junior administrator was deleting and recreating accounts in order to move them between OUs. This was obviously messing up NTFS permissions and passwords.
The issue was easily corrected because Active Administrator illustrated what had happened, who had done it, when and on what DC. Now all Active Directory account management events are emailed in real-time by Active Administrator to a single administrator who can review them.