Active Directory Management (ADM)
Aldi SÜD Group

Goal

Delegate local user administration to managers on site.

Solution

Time-consuming user administration in the Active Directory is usually undertaken by administrators, tying up valuable resources in the process. With Active Directory Management (ADM), employee data can be conveniently managed by responsible employees and completely automated within the IT infrastructure – and that without any specialist IT knowledge.

Aldi SÜD Group

User administration in real time.


Localising user administration offers many significant benefits, and Aldi SÜD realised this at an early stage. As a result, as early as 2004, the IT specialists from the group sought options for automating routine user administration processes for the Active Directory (AD) and creating mailboxes in Exchange.

“Together with the responsible personnel at Aldi SÜD, we developed the concept for local user administration which makes the administration process workflows substantially more efficient,” recalls Pascal Kremmers, prodot CEO.

An innovative interface puts designated staff, such as HR managers, in the position to manage employees on a standardised basis. As a result, when creating a new user, accounts are not only created in the AD but also Exchange mailboxes, Internet email addresses and home directories on file servers. Access to specific programmes, email inboxes, AD groups and RAS access are also freely configurable. Users have the opportunity to view their own permissions and apply for additional ones. Line managers are integrated into the approval process via an approval workflow.

Active Directory Management

Local user administration

Moving towards self-services

Active Directory Management (ADM) is based on high-performance client-server architecture with SQL Server 2012. “The administrators have set up ADM instances at all ALDI SÜD sites worldwide, which are constantly synchronised,” explains Kremmers.

A comprehensive configuration system allows the highest administration level to delegate subtasks through the support hierarchy. Site-specific adjustments can be tracked at the highest level and made subject to approval.

In the time since its roll-out, ADM has been extended several times and its operation adjusted to more modern user concepts – the current Version 5 provides a WPF client in an up-to-date design.

  • High-performance: Automatic use of the quickest available AD server; thanks to smart caching, several tens of thousands of users can be handled in less than a second.
  • Transparent: Seamless, constantly-available protocolling of changes and approvals. Reverse search of all holders of a specific permission. Full user overview with all permissions.
  • Reliable results: Releasing the IT department from error-prone, complex routine work with automated models. Ensuring the quality and consistency of user data across the entire ALDI SÜD Group.
  • Configurable: User groups, attributes and the UI can be adjusted locally to site-specific requirements.
  • Efficient: Minimising manual data entry and processing times. Reducing process and IT costs.
  • Integrated: Interfaces for PKI, email archiving system and other back-end systems.
  • Structured: Standardised approval workflow, standardised permissions form, as well as high quality and up-to-date user data.

Over 10 years of ADM know-how

Follow-up projects benefit from the data quality.

The clear structure resulting from the Active Directory Management (ADM) enables permissions to be initiated for other programmes over and above AD groups. For instance, ALDI SÜD connected ADM to an internal public key infrastructure (PKI) as part of a follow-up project. As a result, certificates for users can be issued on a standardised basis.


ALDI Einkauf GmbH & Co. oHG

About the group

Aldi SÜD

Aldi SÜD Group has written history with its philosophy of focusing on the most important things. It has been pursuing its discount concept for more than half a century, offering quality products at outstanding value for money. The focus on its own brands, a carefully selected and compact product range as well as clear product presentation have proven their worth.

Nowadays, the Aldi SÜD Group is one of the leading discounters in the German and international market. It is also one of the top ranked companies in the discounter sector when it comes to customer satisfaction. Around the world, Aldi SÜD operates over 5,000 stores on three continents across nine countries. The group is represented by 31 regional companies in western and southern Germany.