Keeping an organization safe from potential security breaches and costly downtime involves knowing who has access to what parts of the infrastructure and how changes were made to group policies or to user account information. Many IT organizations have already made the long journey from legacy systems to Active Directory (AD) or are well on their way. Having spent time preparing for the pitfalls and pains of migrations, corporations have often forgotten why they set forth on the journey in the first place. The promise of Active Directory has always been to lower the costs of user administration, but sometimes it is unclear how best to achieve these ends. For many organizations, the two most overlooked areas are group policies and the secure delegation of tasks.