For developer teams working in an enterprise Windows server environment, it is customary to use Active Directory groups for access control to systems and services. In our scenario, every time onboarding starts for a new developer, this results in a big bunch of IT maintenance orders to add new users to the proper groups. Over time, the access profiles for each developer tends to deviate, making it very time consuming to figure out what that new resource should actually have.