[THIN] Re: OT: HR info in AD

• From: "Evan Mann" <emann@xxxxxxxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Fri, 21 Oct 2005 11:37:38 -0400

I like the web page idea, I may have to do that.  My HR department likes
to change titles in the custom DB we use but not set the flag to
"notify" which is how I get updates and update AD.  If they have a web
page that can update the appropriate AD fields, I can put full
responsibility on them, which is the way I like it.

You can use a few different methods of scripting to automatically create
and/or delete AD accounts.  You just need to have something that runs on
a trigger (such as an e-mail) and then picks out info and populates
fields in AD.  

I would not automated deletion of accounts, but rather automate removal
of all their logon hours or disable the account (disabling on E2000 or
E2003 stops e-mail deliver as well, unless you give permission to
external sender, so I suggest remove logon hours and perhaps hide it).

Auto creation isn't a big deal, but it can become a huge task depending
on your setup.  I have 80 offices, different lists for each, different
lists based on division within the company, office, and job title.
There's A LOT of logic to process to automate it in my situation, and it
hasn't been worth the time to figure it out. I find it easier to just do
it manually.  Heck, I don't even setup my E2003 recipient policies
properly to auto populate the appropriate 1 of 15 e-mail domains, even
though that's easy.  I guess I'm a stickler for the hard way sometimes.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Roger Riggins
Sent: Friday, October 21, 2005 11:26 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: HR info in AD



That's a valid point about where the responsibility should lie. I think
Matt's idea of a custom DB that HR and AD pull from is a good idea. I
suppose it could be entered via a webpage that only HR can access. Can
it somehow automatically create the account when they submit it? Do you
see any security risk in doing so?

 

Is anyone already doing this? 

 

Roger Riggins   
Network Administrator 
Lutheran Services in Iowa 
w: 319.859.3543 
c: 319.290.5687 
http://www.lsiowa.org 

  

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Friday, October 21, 2005 10:05 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: HR info in AD

 

I'd suggest you take the info from HR's system and not have HR's system
take your information.  IT should have no responsibility for accuracy of
that information.


At my company, we have an automated system that checks for new entries
in HR's sytem and sends an e-mail.  The HR system is not the actual
system (ADP) but a custom database system our MIS department created and
it's a SQL backend  I take the info from the e-mail and create a new
user account.  The e-mail provides the office, department, and title.  I
also type in the phone number for that office and the address.  

 

If the info comes over incorrectly from HR, then it goes into AD
incorrectly, and HR is at fault, not IT.

 

I've had over 3000 hires/terminations in the past 3 years, and I still
do it all by hand, just me, with occasional help from 1 person.
Automating it would probably save me 2 hours time per week, but I just
haven't gotten around to it. 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Roger Riggins
Sent: Friday, October 21, 2005 10:48 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: HR info in AD

Sorry for the OT, just trying to find out how others are doing this:

We're having some growing pains. Our process for new hires/terminations
is not working very well. We have an HR package that maintains all user
demographics and is entered when the employee is hired. Then they come
to us to create an account for them, which has no demographic
information. When the employee is terminated, we sometimes aren't even
notified so the accounts aren't removed in a timely manner. Then we add
them to a web based phonebook, so that staff are able to locate each
other. Obviously we're entering the same data more than once.

I'd like to see all demographic information in AD, but am unsure if I
should pull it from the HR package or enter it into AD and then pull it
into the HR package. How are you doing the imports/exports? It'd be
helpful to have this info in AD. I'd also like to find out what
processes you guys are doing to automate or streamline account
creation/removal when employees are hired/terminated and ensure that
none are missed.

Thanks for any info you're willing to share.

Roger Riggins   

Network Administrator

Lutheran Services in Iowa

w: 319.859.3543

c: 319.290.5687

http://www.lsiowa.org

 

• Follow-Ups:
  • [THIN] Re: OT: HR info in AD
    • From: Jeremy Saunders

Other related posts:

• » [THIN] OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD
• » [THIN] Re: OT: HR info in AD

1. Home
2. thin
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---