MIS Systems Thread, Active Directory Provisioning advice in Technical; HI all,
I'm after a bit of advise really, and I should start this post by saying that I'm the ...
13th July 2011, 02:07 PM #1
Active Directory Provisioning advice
I'm after a bit of advise really, and I should start this post by saying that I'm the SIMS data/system manager, not an IT technician or otherwise (I don't have access to our servers)
I have a meeting soon with our network manager to discuss potentially purchasing the CAPITA active directory provisioning tool to automatically provision users form SIMS. What we'd ideally like to do is add a new user to SIMS (either Student or Staff) and enter a username into a User Defined Field and have AD automatically generate a user with these details (with the username we have defined in the UDF)
So, the questions are; is this acually possible? Does the CAPITA product allow for this? If it is possible are there any pitfalls that we should be aware of? Anyone have any better suggestions?
13th July 2011, 02:33 PM #2
The same (I think) provisioning tool is used in their learning gateway. You provide a list of rules and it generates the usernames. Ie. 6 letters of family name (X), 1 letter of first name (Y), year of intake. eg... XXXXXXY11. The system allows for duplicates by adding an increasing number on to the end.
13th July 2011, 06:56 PM #3
you can do it for free with the sims2ad script, just need read access to the sims database, still need to finish off my changes to let it reenable accounts for people who've left and come back again. As a bonus it also works for staff from an excel file
13th July 2011, 08:18 PM #4
Is this the one that basically hacks straight into the data tables and extracts the data... I would rather recommend using a SIMS report or finding something\building something the uses the SIMS API\Business Objects so I don't end up with a large build from Capita. Also the Capita AD Provisioning is aimed at getting the data manager, like @Ecclesbury, or the office staff to to create AD, it's safe as it doesn't give you rights to AD and it's automated as well, you can just force it. Another option is SalamanderSoft, he's on the forum too. Personally, SalamanderSoft is WAAY better, it's a lot more flexiable and you don't need to install IIS.
Originally Posted by mavhc
Basically if your technician doesn't want to have to create accounts mid-year, AD Provising from Capita or SalamanderSoft is the way forward. I guess others do it too, like GroupCall, but I've not personally seen it in action.
Thanks to matt40k from:
rpwillis (14th July 2011)
13th July 2011, 11:05 PM #5
I wouldn't want to use ADP plus it's limited to the format of usernames. I dontthink it would take your udf data.
I was gutted to find out that after 2 years it still can't use admission number as a username for students
As Matt said, Salamander will give you much more flexibility and also do extras like create and map user areas / shares. @rpwillis is the man.
There are other ways as mentioned and free tools but would involve you doing a lot more of the work.
Last edited by vikpaw; 2nd October 2011 at 01:34 PM.
Thanks to vikpaw from:
rpwillis (14th July 2011)
14th July 2011, 07:26 AM #6
we use ADP as part of our SLG install. Works well for us. Creating user accounts is now an automated task driven by the admin staff doing student enrolment and staff hires. We wanted different format IDs for students (starting with year of enrolment + surname + initial), staff (first initial + surname) and parents (kds + first initial + surname) and it was able to deal with this OK.
Not sure why you'd want to manually create a user name into a UDF and then automate the creation into AD.
26th July 2011, 11:37 PM #7
Yes, although I didn't bother with creating the view in the database, just created a read only user so it can't break anything. Thus no, I assume you meant, bill. Reenabling works now too.
Originally Posted by matt40k
27th July 2011, 07:53 AM #8
Oops yer, large bill
Ok, so that's not so bad, you just ignoring the SIMS auditing and permissions. Sorry, still don't get why people don't use SIMS reports or the API. Suppose I'll have to write something before people stop.
20th October 2011, 09:47 AM #9
Can AD provisioning / any of the tools assign security groups, homedirs, profiles etc based on a template or does it just create a user account?
And is AD at the whim of bad data from SIMS, or can we lock down certain things so it's write-once from SIMS?
Last edited by pete; 20th October 2011 at 09:58 AM.
20th October 2011, 10:27 AM #10
B is unfortunately accurate (IME). And frankly it's easier for me to manually export a .csv, sling in a couple of formula, re-export .csv and then use csvde or Powershell to create the accounts.
Originally Posted by dhomer
Allowing a name change in SIMS to change things in AD is not on. Say Jenny Smith becomes Jenny Bloggs... we need to change:
Autocreated Homedir (and shift contents if more than a rename)
Create alias for old address
And we also need to warn Jenny Bloggs (ne Smith) when her username will change so she's not stuck trying to use the old username in front of a class.
Now if you had a "these changes are pending from SIMS - do you want to allow / reject / mark as idiotic?" functionality - maybe.
20th October 2011, 10:34 AM #11
- Rep Power
Hmmmm interesting... so we'd have to store the MIS identifier in Active Directory somewhere (so that we know the data we just had about Jenny Bloggs is actually jsmith in Active Directory)
We could have a profile "Change Username" that does the tasks you mention (moving data, creating an alias etc)
OK sorry for the polling :-) but another question... how useful would the two options be that
A) The data from the MIS is automatically sent to the software and you are prompted that a username change is required ("Would you like to authorise?") and the changes are made automatically.
B) You are told of the name change (by the MIS admin) and you (or they) fill in a form, selecting the user and enter the updated firstname and surname and the changes are made automatically.
20th October 2011, 11:13 AM #12
This software exists already as has been noted ... Salamander. Get in touch with @rpwillis, he is very helpful.
Thanks to TheScarfedOne from:
rpwillis (26th October 2011)
20th October 2011, 01:02 PM #13
If you hope to acheive £500 you'll have to have a proper SIMS (and other MIS) link - ie you can cope with names, UPN etc changing, or even getting completely deleted! Like others have said, SamanaderSoft has already done it, so it'll be difficult.
24th October 2011, 12:03 PM #14
- Rep Power
That's great thanks for your comments - interesting ideas.
By cgabbadon in forum How do you do....it?
Last Post: 16th December 2010, 10:48 AM
By KarlGoddard in forum Web Development
Last Post: 22nd February 2006, 12:15 PM
By tosca925 in forum Windows
Last Post: 16th February 2006, 08:40 AM
By Wizzer in forum Web Development
Last Post: 26th January 2006, 04:21 PM
By tosca925 in forum How do you do....it?
Last Post: 24th January 2006, 11:38 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)