Tools4ever’s UMRA (User Management Resource Administrator) automation module is a powerful solution to synchronize two different directory services together. In a typical automation project, we decide that one of the systems is the authority. This is what we refer to as a one-way sync. Information is pushed down from one system to the other. Typically we are working with a student information or HR system as the source data and pushing down to Active Directory.
One of the very first steps in accomplishing this synchronization is data standardization. That is, how would the UMRA identify that user with student ID 12345 is actually John Doe in OU A? The answer is we must establish an anchor between the two systems. The best way to go is usually the employee or student ID number in the information system.
When we begin development, we need to do our best to populate the existing user accounts in Active Directory. This can be a time consuming task if it were not for the UMRA. A standardization project can be developed to first search AD based on first name and last name, and perhaps some other identifying information to then populate the AD account’s employeeID LDAP attribute. This should get us about 90-95% of the way there. There are always a few that we may not be able to match up. In that case we would need to either manually update them, or create a CSV file with ID number and username and run that through a quick mass update.
Now that we have established an anchor between the information system and Active Directory, we can proceed in developing the rest of the automation process. This anchor ensures that no duplicate accounts are created and that we have matched up the correct person with the correct AD account.
One final note, always remember to back up your UMRA projects!
No comments:
Post a Comment