[THIN] Re: OT: HR info in AD
- From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 25 Oct 2005 10:26:33 +0100
Dunno about the Novell thing, but it's one of the things Microsoft and
Sun are in "partnership" about ;-)
Next thing you know, and Sun will be producing intel kit that you can
run Windows on... ;-)
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Howarth
> Sent: 25 October 2005 10:07
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: HR info in AD
>
> I think you will find that it is the term used by Novell and
> even Mircosoft as well.
>
> On 25/10/05, Braebaum, Neil <Neil.Braebaum@xxxxxxxxxxxxxxxxx> wrote:
> > It's not just what *they* call it - it's a term used by
> others, as well.
> > Sun seem to be doing a fair amount of work in this arena,
> and I think
> > they may well use just that very term ;-)
> >
> > Neil
> >
> > > -----Original Message-----
> > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of George Yobst
> > > Sent: 24 October 2005 23:03
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] Re: OT: HR info in AD
> > >
> > > Infoworld just did a few articles on what they call Identity
> > > Management.
> > >
> > > http://www.infoworld.com/print_issue/archive/2005_41.html
> > >
> > > On 10/21/05, Tom Howarth <tom.howarth@xxxxxxxxx> wrote:
> > >
> > > if the HR Application is LDAP or AD integrated you could
> > > utilise
> > > openldap. MIIS is quite expensive and has a heavy leaning
> > > curve.
> > >
> > > On 21/10/05, Jeremy Saunders
> > > <jeremy.saunders@xxxxxxxxxxx> wrote:
> > > >
> > > >
> > > >
> > > >
> > > > Use a provisioning tool such as MIIS (Microsoft Identity
> > > Integration
> > > > Server). When someone has been Terminated, and a
> value/flag
> > > has been
> > > > changed in the HR system, it could automatically disable
> > > their accounts,
> > > > etc.
> > > >
> > > > It's very cool software, but not cheap.
> > > >
> > > > The other way of doing it is to get the HR system
> to do some
> > > database dump
> > > > to a CSV file. Then write a script to read from
> that file,
> > > look for that
> > > > flag, and then disable the account, change their
> title, etc,
> > > in AD.
> > > >
> > > > Cheers.
> > > >
> > > > Kind regards,
> > > >
> > > >
> > > > "Evan Mann"
> > > > <emann@pinnaclefi
> > > > nancial.com>
> > > To
> > > > Sent by: <thin@xxxxxxxxxxxxx>
> > > > thin-bounce@freel
> > > cc
> > > > ists.org
> > > >
> > > Subject
> > > > [THIN] Re: OT:
> > > HR info in AD
> > > > 21/10/2005 11:37
> > > > PM
> > > >
> > > >
> > > > Please respond to
> > > > thin
> > > >
> > > > I like the web page idea, I may have to do that. My HR
> > > department likes to
> > > > change titles in the custom DB we use but not set
> the flag
> > > to "notify"
> > > > which is how I get updates and update AD. If they have a
> > > web page that can
> > > > update the appropriate AD fields, I can put full
> > > responsibility on them,
> > > > which is the way I like it.
> > > >
> > > > You can use a few different methods of scripting to
> > > automatically create
> > > > and/or delete AD accounts. You just need to have
> something
> > > that runs on a
> > > > trigger (such as an e-mail) and then picks out info and
> > > populates fields in
> > > > AD.
> > > >
> > > > I would not automated deletion of accounts, but rather
> > > automate removal of
> > > > all their logon hours or disable the account
> (disabling on
> > > E2000 or E2003
> > > > stops e-mail deliver as well, unless you give
> permission to
> > > external
> > > > sender, so I suggest remove logon hours and
> perhaps hide it).
> > > >
> > > > Auto creation isn't a big deal, but it can become a huge
> > > task depending on
> > > > your setup. I have 80 offices, different lists for each,
> > > different lists
> > > > based on division within the company, office, and
> job title.
> > > There's A LOT
> > > > of logic to process to automate it in my
> situation, and it
> > > hasn't been
> > > > worth the time to figure it out. I find it easier
> to just do
> > > it manually.
> > > > Heck, I don't even setup my E2003 recipient policies
> > > properly to auto
> > > > populate the appropriate 1 of 15 e-mail domains,
> even though
> > > that's easy.
> > > > I guess I'm a stickler for the hard way sometimes.
> > > >
> > > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Roger Riggins
> > > > Sent: Friday, October 21, 2005 11:26 AM
> > > > To: thin@xxxxxxxxxxxxx
> > > > Subject: [THIN] Re: OT: HR info in AD
> > > >
> > > > That's a valid point about where the
> responsibility should
> > > lie. I think
> > > > Matt's idea of a custom DB that HR and AD pull from is a
> > > good idea. I
> > > > suppose it could be entered via a webpage that
> only HR can
> > > access. Can it
> > > > somehow automatically create the account when they submit
> > > it? Do you see
> > > > any security risk in doing so?
> > > >
> > > > Is anyone already doing this?
> > > >
> > > > -----Original Message-----
> > > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx ] On
> > > > Behalf Of Evan Mann
> > > > Sent: Friday, October 21, 2005 10:05 AM
> > > > To: thin@xxxxxxxxxxxxx
> > > > Subject: [THIN] Re: OT: HR info in AD
> > > >
> > > > I'd suggest you take the info from HR's system
> > > and not have HR's
> > > > system take your information. IT should have no
> > > responsibility for
> > > > accuracy of that information.
> > > >
> > > > At my company, we have an automated system that
> > > checks for new
> > > > entries in HR's sytem and sends an e-mail. The
> > > HR system is not the
> > > > actual system (ADP) but a custom database system
> > > our MIS department
> > > > created and it's a SQL backend I take the info
> > > from the e-mail and
> > > > create a new user account. The e-mail provides
> > > the office,
> > > > department, and title. I also type in the phone
> > > number for that
> > > > office and the address.
> > > >
> > > > If the info comes over incorrectly from HR, then
> > > it goes into AD
> > > > incorrectly, and HR is at fault, not IT.
> > > >
> > > > I've had over 3000 hires/terminations in the
> > > past 3 years, and I
> > > > still do it all by hand, just me, with
> > > occasional help from 1 person.
> > > > Automating it would probably save me 2 hours
> > > time per week, but I
> > > > just haven't gotten around to it.
> > > >
> > > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx] On
> > > > Behalf Of Roger Riggins
> > > > Sent: Friday, October 21, 2005 10:48 AM
> > > > To: thin@xxxxxxxxxxxxx
> > > > Subject: [THIN] OT: HR info in AD
> > > >
> > > >
> > > > Sorry for the OT, just trying to find out how
> > > others are doing this:
> > > >
> > > >
> > > > We're having some growing pains. Our process for new
> > > > hires/terminations is not working very well. We
> > > have an HR package
> > > > that maintains all user demographics and is
> > > entered when the employee
> > > > is hired. Then they come to us to create an
> > > account for them, which
> > > > has no demographic information. When the
> > > employee is terminated, we
> > > > sometimes aren't even notified so the accounts
> > > aren't removed in a
> > > > timely manner. Then we add them to a web based
> > > phonebook, so that
> > > > staff are able to locate each other. Obviously
> > > we're entering the
> > > > same data more than once.
> > > >
> > > >
> > > > I'd like to see all demographic information in
> > > AD, but am unsure if I
> > > > should pull it from the HR package or enter it
> > > into AD and then pull
> > > > it into the HR package. How are you doing the
> > > imports/exports? It'd
> > > > be helpful to have this info in AD. I'd also
> > > like to find out what
> > > > processes you guys are doing to automate or
> > > streamline account
> > > > creation/removal when employees are
> > > hired/terminated and ensure that
> > > > none are missed.
> > > >
> > > >
> > > > Thanks for any info you're willing to share.
> > > >
> > > >
> > > > Roger Riggins
> > > >
> > > >
> > > > Network Administrator
> > > >
> > > >
> > > > Lutheran Services in Iowa
> > > >
> > > >
> > > > w: 319.859.3543
> > > >
> > > >
> > > > c: 319.290.5687
> > > >
> > > >
> > > > http://www.lsiowa.org
*****************************************************************************
This email and its attachments are confidential and are intended for the above
named recipient only. If this has come to you in error, please notify the
sender immediately and delete this email from your system. You must take no
action based on this, nor must you copy or disclose it or any part of its
contents to any person or organisation. Statements and opinions contained in
this email may not necessarily represent those of Littlewoods Shop Direct Group
Limited or its subsidiaries. Please note that email communications may be
monitored. The registered office of Littlewoods Shop Direct Group Limited is
100 Old Hall Street Liverpool L70 1AB registered number 5059352
*****************************************************************************
This message has been scanned for viruses by BlackSpider MailControl -
www.blackspider.com
********************************************************
This Weeks Sponsor: Cesura, Inc.
Know about Citrix end-user slowdowns before they know.
Know the probable cause, immediately.
Know it all now with this free white paper.
http://www.cesurasolutions.com/landing/WPBCForCitrix.htm?mc=WETBCC
********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
