  1. #1

    Active Directory Provisioning advice

    Hi all,

    I'm after a bit of advice really, and I should start this post by saying that I'm the SIMS data/system manager, not an IT technician or otherwise (I don't have access to our servers).

    I have a meeting soon with our network manager to discuss potentially purchasing the CAPITA active directory provisioning tool to automatically provision users from SIMS. What we'd ideally like to do is add a new user to SIMS (either Student or Staff) and enter a username into a User Defined Field and have AD automatically generate a user with these details (with the username we have defined in the UDF).

    So, the questions are: is this actually possible? Does the CAPITA product allow for this? If it is possible are there any pitfalls that we should be aware of? Anyone have any better suggestions?

  2. #2
    IrritableTech's Avatar
    The same (I think) provisioning tool is used in their learning gateway. You provide a list of rules and it generates the usernames, i.e. 6 letters of family name (X), 1 letter of first name (Y), year of intake, e.g. XXXXXXY11. The system allows for duplicates by adding an increasing number on to the end.

  3. #3

    You can do it for free with the sims2ad script, just need read access to the SIMS database. Still need to finish off my changes to let it re-enable accounts for people who've left and come back again. As a bonus it also works for staff from an Excel file.

  4. #4

    matt40k's Avatar
    Quote Originally Posted by mavhc View Post
    You can do it for free with the sims2ad script, just need read access to the SIMS database. Still need to finish off my changes to let it re-enable accounts for people who've left and come back again. As a bonus it also works for staff from an Excel file.
    Is this the one that basically hacks straight into the data tables and extracts the data... I would rather recommend using a SIMS report or finding something\building something that uses the SIMS API\Business Objects so I don't end up with a large build from Capita. Also the Capita AD Provisioning is aimed at getting the data manager, like @Ecclesbury, or the office staff to create AD, it's safe as it doesn't give you rights to AD and it's automated as well, you can just force it. Another option is SalamanderSoft, he's on the forum too. Personally, SalamanderSoft is WAAY better, it's a lot more flexible and you don't need to install IIS.

    Basically if your technician doesn't want to have to create accounts mid-year, AD Provisioning from Capita or SalamanderSoft is the way forward. I guess others do it too, like GroupCall, but I've not personally seen it in action.

  5. Thanks to matt40k from:

    rpwillis (14th July 2011)

  6. #5

    vikpaw's Avatar
    I wouldn't want to use ADP plus it's limited to the format of usernames. I don't think it would take your UDF data.

    I was gutted to find out that after 2 years it still can't use admission number as a username for students.

    As Matt said, Salamander will give you much more flexibility and also do extras like create and map user areas / shares. @rpwillis is the man.

    There are other ways as mentioned and free tools but would involve you doing a lot more of the work.
    Last edited by vikpaw; 2nd October 2011 at 01:34 PM. Reason: typo

  7. Thanks to vikpaw from:

    rpwillis (14th July 2011)

  8. #6
    jdoyle's Avatar
    We use ADP as part of our SLG install. Works well for us. Creating user accounts is now an automated task driven by the admin staff doing student enrolment and staff hires. We wanted different format IDs for students (starting with year of enrolment + surname + initial), staff (first initial + surname) and parents (kds + first initial + surname) and it was able to deal with this OK.

    Not sure why you'd want to manually create a user name into a UDF and then automate the creation into AD.

  9. #7

    Quote Originally Posted by matt40k View Post
    Is this the one that basically hacks straight into the data tables and extracts the data... I would rather recommend using a SIMS report or finding something\building something that uses the SIMS API\Business Objects so I don't end up with a large build from Capita.
    Yes, although I didn't bother with creating the view in the database, just created a read-only user so it can't break anything. Thus no, I assume you meant, bill. Re-enabling works now too.

  10. #8

    matt40k's Avatar
    Oops yer, large bill

    Ok, so that's not so bad, you're just ignoring the SIMS auditing and permissions. Sorry, still don't get why people don't use SIMS reports or the API. Suppose I'll have to write something before people stop.

  11. #9


    Can AD provisioning / any of the tools assign security groups, homedirs, profiles etc based on a template or does it just create a user account?

    And is AD at the whim of bad data from SIMS, or can we lock down certain things so it's write-once from SIMS?
    Last edited by pete; 20th October 2011 at 09:58 AM.

  12. #10


    Quote Originally Posted by dhomer View Post
    B) it would be a nightmare seeing as data seems to get typed into SIMS quickly and then corrected later (or am I being a bit harsh?)
    B is unfortunately accurate (IME). And frankly it's easier for me to manually export a .csv, sling in a couple of formulae, re-export .csv and then use csvde or PowerShell to create the accounts.

    Allowing a name change in SIMS to change things in AD is not on. Say Jenny Smith becomes Jenny Bloggs... we need to change:

    Username
    Autocreated Homedir (and shift contents if more than a rename)
    Email address
    Create alias for old address

    And we also need to warn Jenny Bloggs (née Smith) when her username will change so she's not stuck trying to use the old username in front of a class.

    Now if you had a "these changes are pending from SIMS - do you want to allow / reject / mark as idiotic?" functionality - maybe.

  13. #11

    Hmmmm interesting... so we'd have to store the MIS identifier in Active Directory somewhere (so that we know the data we just had about Jenny Bloggs is actually jsmith in Active Directory)

    We could have a profile "Change Username" that does the tasks you mention (moving data, creating an alias etc)

    OK sorry for the polling :-) but another question... how useful would the two options be that

    A) The data from the MIS is automatically sent to the software and you are prompted that a username change is required ("Would you like to authorise?") and the changes are made automatically.

    B) You are told of the name change (by the MIS admin) and you (or they) fill in a form, selecting the user and enter the updated firstname and surname and the changes are made automatically.


    Thanks again,

    Dave
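
    Added example, not part of any post in this thread and not code from Capita, SalamanderSoft or sims2ad: a PowerShell illustration of the "pending changes" idea from posts #10 and #11, matching MIS records to AD accounts on a stored MIS identifier and queuing differences for approval instead of writing them to AD. Assumptions: the MIS id is kept in the AD `employeeID` attribute, the column names and the function name `Get-PendingChange` are hypothetical, and both data sets are constructed samples.

```powershell
# Constructed sample data: an MIS export and an AD export (e.g. from Get-ADUser).
# Assumption: each AD account stores the MIS person id in the employeeID attribute.
$mis = @'
MisId,Forename,Surname
1001,Jenny,Bloggs
1002,Sam,Patel
1003,Alex,Ng
'@ | ConvertFrom-Csv

$ad = @'
SamAccountName,EmployeeID,GivenName,Surname,Enabled
jsmith,1001,Jenny,Smith,True
spatel,1002,Sam,Patel,True
tjones,0999,Tom,Jones,True
'@ | ConvertFrom-Csv

function Get-PendingChange {
    param([object[]]$MisRecords, [object[]]$AdAccounts)

    # Index AD accounts by the immutable MIS id, never by name.
    $byId = @{}
    foreach ($a in $AdAccounts) { if ($a.EmployeeID) { $byId[$a.EmployeeID] = $a } }

    $seen = @{}
    foreach ($m in $MisRecords) {
        $seen[$m.MisId] = $true
        $a = $byId[$m.MisId]
        if (-not $a) {
            [pscustomobject]@{ MisId = $m.MisId; Account = $null; Action = 'Create'
                Detail = "$($m.Forename) $($m.Surname)"; Status = 'Pending' }
        }
        elseif ($a.GivenName -cne $m.Forename -or $a.Surname -cne $m.Surname) {
            # Name differs: queue for review; username, homedir, mail and alias stay untouched.
            [pscustomobject]@{ MisId = $m.MisId; Account = $a.SamAccountName; Action = 'Rename'
                Detail = "$($a.GivenName) $($a.Surname) -> $($m.Forename) $($m.Surname)"; Status = 'Pending' }
        }
    }
    # Accounts whose MIS record has disappeared are flagged for review, not deleted.
    foreach ($a in $AdAccounts) {
        if ($a.EmployeeID -and -not $seen.ContainsKey($a.EmployeeID)) {
            [pscustomobject]@{ MisId = $a.EmployeeID; Account = $a.SamAccountName; Action = 'ReviewLeaver'
                Detail = "$($a.GivenName) $($a.Surname)"; Status = 'Pending' }
        }
    }
}

Get-PendingChange -MisRecords $mis -AdAccounts $ad | Format-Table -AutoSize
```

    Nothing here writes to AD; an approved `Rename` row would then drive the steps listed in post #10 (username, homedir, email address, alias for the old address) on a date the user has been warned about.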

  14. #12
    TheScarfedOne's Avatar
    This software exists already as has been noted ... Salamander. Get in touch with @rpwillis, he is very helpful.

  15. Thanks to TheScarfedOne from:

    rpwillis (26th October 2011)

  16. #13

    matt40k's Avatar
    £0

    If you hope to achieve £500 you'll have to have a proper SIMS (and other MIS) link - i.e. you can cope with names, UPN etc. changing, or even getting completely deleted! Like others have said, SalamanderSoft has already done it, so it'll be difficult.

  17. #14

    Hi Matt,

    That's great thanks for your comments - interesting ideas.


    Thanks,


    Dave
    CENTREL Solutions
