Case Study

Standardising Active Directory and Microsoft 365 Access at Scale

Replacing a bespoke, developer-dependent system with a scalable, policy-driven approach to managing access across a 50,000+ user environment.

2017 - Present

Replacing a Bespoke Group Management System at Scale

Introducing structured, self-service group management to replace a legacy system and improve control across a 50,000+ user environment.

Global media organisation. Client details have been anonymised, but the scenario reflects a real engagement.

Snapshot

  • Industry: Global media
  • Organisation size: 50,000+ users
  • Environment: Active Directory, Microsoft 365
  • Challenge: Legacy bespoke group management system with limited maintainability
  • Solution: Standardised, self-service group lifecycle management using Adaxes
  • Outcome: Scalable, governed group management with improved consistency and reduced IT overhead

The Situation

The organisation relied on a bespoke group management system developed internally. While it had initially met requirements, it had become increasingly difficult to maintain, particularly following the departure of the original developer.

With over 50,000 users, group management played a critical role in controlling access across systems. However, the existing approach lacked flexibility, consistency, and long-term supportability.

The Challenge

  • Bespoke system no longer maintainable without specialist knowledge
  • Limited visibility and control over group creation and membership
  • Heavy reliance on IT for routine group management tasks
  • Inconsistent naming conventions leading to confusion and risk
  • No structured approach to membership requests or access expiry

Why Change Was Needed

The organisation needed a sustainable and scalable alternative that removed dependency on custom development while improving governance and usability.

Without change, inconsistencies in access, administrative overhead, and operational risk would continue to increase—particularly at this scale.

A more structured model was required to standardise group management while enabling users to take ownership where appropriate.

The Approach

Armstrong worked with the organisation to replace the bespoke system with a policy-driven model for group management, balancing control with flexibility.

  • Defining standardised group structures and naming conventions
  • Designing workflows for user-driven group creation and management
  • Introducing approval processes and lifecycle controls
  • Ensuring consistency across all group types and use cases

The focus was on creating a model that could scale while remaining manageable and predictable.

The Engagement

Armstrong began working with the organisation in 2017 to replace a bespoke, developer-dependent group management system with a structured, policy-driven approach aligned to Active Directory and Microsoft 365.

What started as a replacement project has continued as an ongoing engagement, with the solution evolving over time to support new requirements, scale, and changes in how access is managed across the organisation.

This has included refining workflows, extending automation, and ensuring the model remains consistent and effective across a 50,000+ user environment.

The Solution

A structured group management framework was implemented using Adaxes, replacing the bespoke system and introducing a consistent, policy-driven approach.

  • Self-service group creation aligned to organisational standards
  • Automated naming conventions to remove inconsistencies
  • Request and approval workflows for managing membership
  • Built-in access expiry and lifecycle management
  • Centralised governance without reliance on custom code

What This Replaced

  • Legacy bespoke group management system
  • Manual intervention for group creation and updates
  • Inconsistent naming and structure across groups
  • Lack of ownership and unclear access control processes

How It Works in Practice

Group management is now structured and consistent, while still allowing users to manage access within defined controls.

  • Users create groups that automatically follow correct naming standards
  • Membership requests are handled through approval workflows
  • Group owners manage access without routine IT involvement
  • Expiry rules ensure access is reviewed and does not persist indefinitely
  • All groups adhere to organisational standards by design

The Outcome

The organisation moved from a fragile, developer-dependent system to a scalable and governed model for managing group-based access.

  • Complete replacement of bespoke system with a supported platform
  • Reduced IT workload through structured self-service
  • Consistent group creation aligned to company standards
  • Improved visibility and control over access management
  • A scalable solution suited to a 50,000+ user environment

Key Takeaways

  • Bespoke systems introduce long-term risk without ongoing support
  • Standardisation is essential for managing access at scale
  • Self-service can reduce IT workload when properly governed
  • Lifecycle management is key to preventing access sprawl

Related products

Adaxes

Automates Active Directory and Microsoft 365 tasks and enforces delegated administration.

View Product

Related solutions

Active Directory Management

Document governance and lifecycle responsibilities for on-prem directory services.

View Solution

Entra ID Management

Define roles, policies and measurable controls for Entra ID lifecycle and access.

View Solution

Self-Service & Delegation

Define owners, approval paths and acceptance criteria for delegated identity self-service.

View Solution

User Provisioning & Lifecycle

Consistent, auditable controls for user account lifecycle across the organisation.

View Solution

Related technologies

Active Directory
Microsoft 365
Microsoft Entra ID

Discuss your environment

Speak to a specialist