That's a valid point about where the responsibility should lie. I think Matt's idea of a custom DB that HR and AD pull from is a good idea. I suppose it could be entered via a webpage that only HR can access. Can it somehow automatically create the account when they submit it? Do you see any security risk in doing so? Is anyone already doing this? Roger Riggins Network Administrator Lutheran Services in Iowa w: 319.859.3543 c: 319.290.5687 http://www.lsiowa.org -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: Friday, October 21, 2005 10:05 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: HR info in AD I'd suggest you take the info from HR's system and not have HR's system take your information. IT should have no responsibility for accuracy of that information. At my company, we have an automated system that checks for new entries in HR's sytem and sends an e-mail. The HR system is not the actual system (ADP) but a custom database system our MIS department created and it's a SQL backend I take the info from the e-mail and create a new user account. The e-mail provides the office, department, and title. I also type in the phone number for that office and the address. If the info comes over incorrectly from HR, then it goes into AD incorrectly, and HR is at fault, not IT. I've had over 3000 hires/terminations in the past 3 years, and I still do it all by hand, just me, with occasional help from 1 person. Automating it would probably save me 2 hours time per week, but I just haven't gotten around to it. ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Roger Riggins Sent: Friday, October 21, 2005 10:48 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] OT: HR info in AD Sorry for the OT, just trying to find out how others are doing this: We're having some growing pains. Our process for new hires/terminations is not working very well. We have an HR package that maintains all user demographics and is entered when the employee is hired. Then they come to us to create an account for them, which has no demographic information. When the employee is terminated, we sometimes aren't even notified so the accounts aren't removed in a timely manner. Then we add them to a web based phonebook, so that staff are able to locate each other. Obviously we're entering the same data more than once. I'd like to see all demographic information in AD, but am unsure if I should pull it from the HR package or enter it into AD and then pull it into the HR package. How are you doing the imports/exports? It'd be helpful to have this info in AD. I'd also like to find out what processes you guys are doing to automate or streamline account creation/removal when employees are hired/terminated and ensure that none are missed. Thanks for any info you're willing to share. Roger Riggins Network Administrator Lutheran Services in Iowa w: 319.859.3543 c: 319.290.5687 http://www.lsiowa.org