Delegate Administration of Extranet Accounts for SharePoint
While at Tech Ed in Orlando this year, I ran across a vendor with an interesting web part for SharePoint. The vendor is "The Dot Net Factory" and their web part is Active Directory WebManager. When I saw this in action, I immediately saw some value for customers. Basically it is a web part that allows users to create and manage Active Directory accounts. The power of the web part is that you can limit the scope of the AD administration to a particular OU and enforce that all accounts created are based on a template user. This means that in a SPS deployment, multiple instances of this web part can be used to delegate the maintenance of subsets of AD users. Though I don't see this being used to administer internal AD accounts which IT professionals would not want to release control of, the potential is enormous for SharePoint extranet deployments. Typically in an extranet deployment, a separate domain is created with a one way trust with the internal domain. This way accounts can be created in the external domain for external users keeping them away from internal resources. When a customer has an extranet deployment of SharePoint this usually opens up a large set of questions about who is going to support the external users. How long will it take to get accounts? How will password resets or unlocking accounts be handled? When will the accounts be deprovisioned? With a potentially large base of external users this could overload any help desk or IT group. This web part allows power users/site administrators who are administering the team site control the external accounts within their scope without giving them direct rights to modify AD. This is worth checking out - the web site provides a free trial that you can install in minutes!