| | Active Directory | Forms & Delegation |
| Support for Windows NT4 | None, the Active Directory Delegation of Control Wizard supports delegated control over Active Directory objects | Yes, Forms & Delegation allows delegation of tasks rather than objects. Tasks can be performend on user objects from Active Directory or Windows NT4. |
| Delegate control over resources | Limited, while native Active Directory delegation can enable a helpdesk user to create a mailbox, home directory creation and setting permissions cannot be delegated | Yes, Forms & Delegation allows delegation of tasks rather than objects. Tasks can contain any combination of resources such as mailboxes, group memberships and home directories with shares and permissions |
| Task based delegation | The Active Directory Delegation of Control Wizard delegates authority over Active Directory objects. The administrator has to compose MMC Snap-ins to enable a helpdesk user to perform the task. Delegating a "create user" task in the Active Directory requires the delegation of authority over various objects. | Forms & Delegation lets you compose your custom task. A "create user" task can contain the actions to create a user account in a specific OU, set appropriate group memberships, create a home directory and create an Exchange mailbox. |
| Customizable user interface | Limited, the Active Directory allows for management through MMC Snap-ins. These small tools can be customized to the extent that a helpdesk user only sees the delegated objects. All properties and configuration settings will still be visible, however they can be disabled. | Forms & Delegation lets you assign a form to a task. A "create user" task would only require input fields for first, middle and last name, and a job type or location selection to determine OU location, home server and mailbox store automatically. The helpdesk user only sees exactly what he/she needs to do. Learn more... |
| Security | Uses the Windows authentication model, which takes the logged on user when you start the management tools to perform tasks. | Uses the Windows authentication module which takes the logged on user by default when you operate the Windows Forms client. This client connects to the Delegation engine, downloads and executes Forms submitted by a delegated user. The Windows Web client (coming soon) will feature SSL encryption. |
| Name and password generation | None, the Active Directory does not support automatic name and password generation | Forms & Delegation allows for complex name and password generation, such as usernames, display names, smtp e-mail addresses and random passwords based on complexity rules. Name generation features advanced formatting functions and duplicate handling. Learn more... |
| Configuration and management overhead | Using the Active Directory Delegation of Control Wizard is relatively easy, but management afterwards causes a lot of overhead. Configuring additional users or groups to the same object priviliges is not possible without running the wizard again and there is no clear view on who is delegated to do what. | Users and groups are directly assigned to forms which are connected to tasks. This provides a transparent view of which user or group is allowed to do which task. |
