No, but I will try that. Cheers
Just noticed that the Ramesys disk we have says Identity Lifecycle Manager 2007 but installs MIIS 2003? Is there a way to upgrade to ILM2007?
Ive checked my screenshots, it should just be
Ours is ILM 2007 FP1. If you contact your MS supplier they do special live@edu prices for ILM2007FP1. ($200AU ours was)
I wouldnt bother upgrading an existing installation... just uninstall it and reinstall it
(ive done so many reinstalls i pretty much have learnt the product key by heart)
Ill spend some time tomorrow updating my docs and post them on here when im done..
this is the version you should be using:
Here is an updated version of my live@edu w/ ILM docs.
I added a few new chapters, and changed the ordering of some other chapters.
I've been having a lot of thoughts about our setup in the last few days and still not sure I have the answer yet :p
We've got a lot of students coming and going all through the year (approx 6000 part-time accounts) so I need to tailor the system to suit... here's my options (bearing in mind I need \ want the Moodle functionality as well)
a) use SQL to pull out new student details to CSV then upload to Live via PowerShell (I've already done a funky SSIS package that does the export and calls PowerShell automatically then emails the results)
b) use SQL to pull out new student details to CSV, import to AD then let ILM provision the accounts, PCNS will be required as well to match the passwords up
c) use SQL to pull out new student details to CSV, import to AD then use SSO kit to sign in, but I think SSO only works internally judging by the docs and what an MS partner said, although these guys seem to have cracked it running over the Internet? YouTube - Live@edu Hosted SSO Solution
Now the other issue is for passwords, we have a lot of beginner and ESOL students so remembering passwords could be an issue, here's how it affects the above...
a) we set a password manually in our "fountain of truth" user database then that becomes a static password for any exports we do, will be about 8 characters and mix of case etc. Users will get their password on a student card when they start and if lost reception can refer it back from a web interface. If we want accounts on AD as well as Live@Edu we'll have to do another import (not too difficult)
b) initial password is set but must be changed for PCNS, also assumes all users are logging in at our main site (not always the case as we have external centres that aren't under our control or using our IT). Also poses the problem for how many password reset requests we might get over time! The remote issue could possibly be solved with some kind of web password reset portal but that's extra complexity creeping in, plus the setup time for ILM and PCNS
c) same as above but takes PCNS out of the equation as the AD password is the master for everything else, although I'd need to figure out how to make SSO work to Internet instead of just internal
On top of the above we have to make the Moodle accounts separately anyway as they have to exist before the user signs in with a LiveID, luckily we're getting an MIS link to do this so as long as the Live import works fine the Moodle accounts should tally up.
The only other thing we have to contend with is duplicate display names for users, I think our MIS is adding a distinct name field which would solve it but need to find that out. Usernames would probably be student ID numbers for uniqueness, although again not sure how that will go down with the users as it also becomes their email address.
Whatever process I use it still relies on the initial CSV process from MIS so I think what it comes down to is whether I want user-controlled passwords or not. Any feedback appreciated as I've thought about it so much the choices have started spinning :p
THe good thing about ILM is it automatically creates the accounts in Live@edu for yuo. Once an account is made in AD, ILM then creates the corresponding account in the live@edu. So whatever steps you take to create your current AD accounts, with ILM there is no extra step you have to take. If you create your AD accounts with "user requires to change password on first login" then as soon as they change their password the first time they log in, it will sync to live@edu. Do all your users have an AD account ?
Having to have an account in moodle is only just 1 of the steps for the live@edu plugin to work. It also reqiures the MSN value be set to their Live@edu email address too.. But moodle works with ldap, so here their AD password would work..
We opted against the (local) SSO because it meant that at least if a student left a machine logged in, it wuoldnt then grant them auto access to their email.
At present there's no AD accounts, really going for it with the VLE is driving the other thoughts on identity management.
I know full well the joys of the Live@Edu plugin :p Why it can't be coded like the ldap plugin I don't know but our MIS link software can create the users with the correct fields set so shouldn't be too much of a problem. We wanted to use the LiveID as it then gives them the email inside the VLE (probably wouldn't be used otherwise) plus SkyDrive and Office Web Apps which I've made a little block for in their student My Moodle page.
Interesting with the thoughts on the SSO, I'm guessing it picks up on NTLM then so once you're logged in on the machine the portal auto authenticates once you hit the SSO URL?
The question I guess is whether 2 CSV imports is that much worse than doing just the one, the password issue is something that then helps decide which way to go...
Is the webapps moodle module something you developed yourself?
I would be keen to try that out if you are willing to share?
edit: is that the hosted web apps, (is web apps part of live@edu yet, I havent checked) or is that the office 2010 local web apps ?
I have a stupid question :(
Whats the weblink to the live at edu student outlook login page?
It's nothing too clever, just the icons with links to create a new online document in the My Documents folder (as in the root you can't move files around which is a tad strange) but does make life easier for students looking for the service :)
It also auto-hides if you don't sign in using LiveID authentication so people logging in through ldap won't see something that's of no use to them.