Working With a Top 10 Global Law Firm – Active Directory Synchronisation

Posted on 17 July 2018

Identity Experts helped a Top 10 global law firm solve its AD synchronisation problems and implement a worldwide Advanced Threat Analysis solution.

Updating Active Directory Through Growth & Mergers

Organisational growth through mergers and acquisitions places great strain on existing IT. The need to quickly rationalise and consolidate diverse technologies is a necessary task to ensure the expected returns are achieved in the short term and efficiencies are promptly realised.

Working with accelerated time scales and new technologies typically does not allow an organisation the time to develop and mature any new skills that may be required, in-house. This is causing many organisations to look externally to bridge this skills gap in the short term, whilst enabling skills transfer to take place to look after things longer term.

Problems Keeping AD Data Up-to-Date

A top 10 global law firm with over 5,000 staff operating in 39 countries had grown significantly in recent years, fuelled by a number of mergers. This caused issues with regard to IT infrastructure, a program manager at the firm explained.

“Although we use the Microsoft stack of technologies across our organisation, the near-constant change to personnel numbers meant that keeping things like Microsoft Active Directory (AD) and OUs up-to-date was getting increasingly difficult.

“With everything else that we were undertaking, the necessary expertise to undertake this clean-up task was not available in-house. As a result we decided to look for a partner who could initially help us with this and other more specialised Microsoft technology issues.”

Synchronising AD Data Across the Organisation

After speaking to their Microsoft account manager, the firm was recommended to talk to Identity Experts.

As a Microsoft Gold Partner, Identity Experts provide on-site consultancy, working alongside their customers to plan, assess, design and deploy Identity and Access Management (IAM) solutions, which guarantee tangible improvements in business performance and risk management.

Their technical architects possess a wealth of experience in deploying large transformational programs, as well as technical solution designers and project leads. These help their customers through their use of leading practices and modular designs, increasing return on investment and introducing new business efficiencies.

Identity Experts’ consultants carried out a thorough analysis of the existing situation. The firm had already implemented Microsoft Identity Manager (MIM), but needed help getting it operational to ensure the consistency and correctness of AD data across the entire organisation.

“We could tell from the outset of the engagement with Identity Experts that we had made the right choice,” said the program manager. “Their approach was open and flexible and presented us with the options available to solve our problems, allowing us to explore the right one for us.”

Microsoft Identity Manager (MIM)

MIM was customised by Identity Experts to synchronise data from the firm’s HR system – PeopleSoft – both into their corporate AD as well as SharePoint, which is used for search.

The SharePoint system is a key tool for their staff as it holds comprehensive information about all staff, including contact information and department and is easily available via the Intranet portal.

It was vital, therefore, that the information was always up-to-date. As the firm were keen to adopt best practices across the organisation, part of this project involved sorting out the complex distribution groups used across the organisation.

Their groups comprise ones for role, department and location as well as every combination thereof (where a person exists in that combination). For example, “All Real Estate Lawyers in London”, but furthermore “All Real Estate”, “All Lawyers”, “All London”, “All Lawyers in London” etc.

Now, these groups are constantly updated to ensure emails will always reach their intended recipient. As well as synchronisation with PeopleSoft, identities were also synchronised to Microsoft Office 365, Azure and Yammer.

In addition, custom connectors for information from the security system, a print awareness tool and a scanning application were set up. “As the information in our PeopleSoft system is viewed as the definitive source for HR data, it was important that identities from here were synchronised across our entire Microsoft technology stack,” said the program manager. “

With MIM and the work Identity Experts have carried out, we have now solved this problem and know that any changes in PeopleSoft will be quickly synchronised across other systems. “Identify Experts also helped us sort out a number of other related issues. This included implementing seamless single sign-on of multiple applications via highly available ADFS platform. As well as self-service password reset, being rolled out to all users with very minimal impact.

This has helped to reduce service desk calls significantly for forgotten passwords. “We have been delighted with the flexible and always available approach of Identity Experts. As a result we have since worked with them on a number of other projects and I foresee our engagement continuing for quite a while longer.”

Advanced Threat Analysis (ATA)

One of these additional projects has involved the implementation of Advanced Threat Analytics (ATA). ATA is an on-premises Microsoft solution that resides on the network analysing authentications against Active Directory domain controllers for irregularities.

It provides a simple and fast way to understand what is happening within the network by identifying suspicious user and device activity with built-in intelligence and provides clear and relevant threat information on a simple attack timeline.

It is now deployed on approximately 25 servers in multiple countries across the world, making it one of the few worldwide implementations of ATA.

A few people we've already done it for