Monday, June 1, 2009

Second of a series

A 6,500-employee company that provides professional services and technology solutions in energy and climate change to government and commercial clients had a problem. The scripts they relied on to manage accounts in Active Directory, based on twice-daily PeopleSoft dumps, were becoming tedious to maintain, and with the imminent departure of the head programmer, an off-the-shelf solution became imperative.

The details of the requirements were quickly relayed and a proof of concept was established in the client’s environment. Basically, the information from PeopleSoft was used to implement account lifecycle management for employees, while web forms were created to manage contractors. Employees needed an Active Directory account, an Exchange 2007 mailbox, a base set of group memberships, and the proper OU container, which were to be based on location codes. Approximately 10 attributes, including office address and phone number, needed to be set as well.

As information in the file changed, such as location or specific attributes, the AD account needed to be updated and, if necessary, re-provisioned with new groups and moved to a different OU. If the terminate date field was set in PeopleSoft, the account needed to be disabled, hidden from the GAL and moved to a specific OU. Every time an account is created, modified or disabled, an export file is generated by User Management to feed relevant data back to PeopleSoft.

While the automated process easily handled the direct employees, the company also had a large population of contractors who were never entered into PeopleSoft. To address this, web forms were created and deployed to hiring managers. The form contained the fields necessary to create an AD account and, if required, an Exchange mailbox. All contractor accounts are set to expire after 90 days, and the hiring manager is notified 2 weeks before account expiration. A second form allows the manager to easily extend the timeframe. If no action is taken, the account is disabled automatically and the hiring manager is notified again.

All told, the implementation of both the automated process and the web forms required about 3-4 days of work by a Tools4ever consultant. After thorough testing, the product was rolled out company-wide. As an added benefit, the customer was able to implement Tools4ever’s Self Service Reset Password Manager to reduce the most common call to the help desk.