Microsoft® On-Premise Support




Active Directory Management

With its Active Directory integration, intuitive user interface and comprehensive feature set, tenfold offers you all the tools you need to manage users, groups and permissions in Active Directory. The biggest strength of tenfold as an IAM tool is the ability to quickly and easily automate routine processes like user provisioning.

tenfold’s AD User Lifecycle Plugin, for instance, will help you automate joiner-mover-leaver processes by triggering common tasks, including: create new user, modify privileges (e.g. when users change departments), lock AD account, and more. When a new account is created or a user requests a password reset, tenfold uses a one-time secret (OTS) mechanism to ensure passwords are transmitted safely.



tenfold’s AD Group Assignment Plugin allows you to manage the assignment of IT resources through Active Directory group memberships. Users can request resources via tenfold’s self-service interface and tenfold then forwards this request to the designated data owner as part of a custom approval workflow. Once approved, the plugin automatically adds the user to the appropriate AD group. If the resource is later revoked for some reason (e.g. because the user moves to another department), the plugin automatically removes the user from the AD group.



Advantages (CIOs, CISOs, IT Managers)

  • Transparency and automation help improve security
  • Issues due to unsafe AD structures are eliminated

  • Free up IT staff by automating AGDLP management

Advantages (IT Admins & Infrastructure)

  • Generate reports on file server and Microsoft Exchange privileges with just one click
  • Group permissions are broken down automatically

  • Automate user and account management thanks to AD tools



Active Directory Monitoring Tool: The tenfold Dashboard

tenfold‘s dashboard feature allows you to monitor common issues with your Active Directory and file server structure: empty groups, inactive accounts, Orphaned SIDs, users with direct access to resources and so on. Many of these problems can be fixed with a single click directly from the dashboard interface. Yet another handy tool in tenfold‘s toolbox.

tenfold and the AGDLP Principle

Can you name a single organization that always and perfectly fulfills Microsoft’s AGDLP principle? Neither can we. But don’t worry, that’s why we’ve integrated the AGDLP principle into tenfold. Admins and users just need to set the desired permission level and tenfold then automatically implements AGDLP-compliant access control in the domain.

Automatic Reports and Documentation

Besides serving as your centralized platform for access management, tenfold also makes it easy to find all the information you need. The tenfold dashboard will keep you apprised of issues with your file server and AD, allowing you to automatically fix common problems. And thanks to tenfold’s reporting features, one click is enough to reveal who has access to critical data. tenfold:

  • extracts data from file servers and the Active Directory

  • breaks down nested structures

  • filters irrelevant information and

  • provides an overview of effective permissions (including historical data)

Screenshot of tenfold's Access Rights Manager showing file server permission reports.

Exchange® Management Without PowerShell and EAC

Exchange and the Active Directory are generally well integrated with one another. However, to carry out routine tasks, such as creating new mailboxes or modifying/deactivating/archiving existing ones, admins are still forced to use default Microsoft tools: either the Exchange Administration Console (EAC) or PowerShell. Not only does this mean more work, it also leads to security holes.

That is why tenfold’s Exchange Mailbox Lifecycle Plugin takes care of all tasks related to the management of Exchange mailboxes. And because tenfold documents everything it does, these processes remain 100% transparent for admins.


Screenshot of the IAM software tenfold's user interface showing Exchange permission reporting.

tenfold has also automated the permission assignment processes for Exchange mailboxes. These processes are implemented through an approval workflow. Employees can request access to shared mailboxes via the self-service interface. tenfold then forwards the request to the data owner of the mailbox (i.e. a manager), who must then approve or reject the request. If approved, the Exchange plugin provides the privilege.

Reporting for file servers works exactly the same way. tenfold provides an overview of who has access to mailboxes or mailbox folders, including breakdowns of granular permissions on individual mailbox folders. Visit our blog to learn more about Exchange reporting with tenfold.

Reporting for SharePoint

Of course tenfold‘s reporting capabilities for permissions in Microsoft on-prem environments do not stop at the file server. tenfold’s Sharepoint Reporting feature supports Active Directory® groups, native SharePoint® groups and customized privilege levels. tenfold:

  • extracts data from SharePoint and Active Directory

  • independently breaks down nested structures

  • filters irrelevant information and

  • provides an overview of effective permissions (including historical data).



Would you like to experience tenfold LIVE?

Sign up now for our product demo!
tenfold – Simple. Secure. Ready to go.

Register