User Management Resource Administrator

Features

User Management Resource Administrator is a visual scripting tool which enables you to perform complex user resource management tasks, such as automated user and home directory creation, or mass assigning Microsoft Exchange mail boxes, without having to write a single line of script code.  Read more about actions.

Click here for an overview of all available actions.

Solutions

User Management Resource Administrator is the perfect and affordable solution for any user account management task where you would normally quickly resort to scripting.  The visual scripting and delegation engine gives you the power to:

  • Perform one-day user and resource migration
  • Mass move users to new Organisational Unit locations
  • Deploy Exchange 2000 & 2003 mailboxes
  • Create home directories and permissions for thousands of users
  • Have your helpdesk reset passwords
  • Have your IT department unlock or disable accounts
  • Delegate tasks to create user accounts with home directories and mailboxes

Features - User Management Resource Administrator

  • Supports all editions of Windows NT - XP - 2000 - 2003
  • Supports Active Directory
  • Supports Exchange 2000 and 2003
  • Supports all Active Directory attributes
  • Supports Windows Terminal Server
  • Zero script knowledge required
  • Name generation and duplicate handling
  • Strong password generation
  • Use CSV input for mass create-update-delete batch jobs
  • Run mass batch jobs directly on your Active Directory
  • Advanced job simulation and logging
  • Delegate administrative tasks to helpdesk users
  • Create custom user interface for delegated tasks
  • Includes a Windows Forms client for helpdesk users

Active Directory user account creation & modification

  • Create user account, create contact, create group
  • Edit all user account, contact and group attributes
  • Change account logon settings
  • Assign user account, contact group memberships, nest groups
  • Delete user account
  • Move user account
  • Rename user account
  • Export user account, contact and group attributes

Windows NT4 user account creation & modification

  • Create user account
  • Edit user account settings
  • Change account logon settings
  • Assign user account group memberships
  • Account local group configuration
  • Delete user account

Exchange 2000 and 2003

  • Create mailbox
  • Set mailbox permissions, assign associated external account
  • Manage mailbox settings
  • Configure recipient settings for message and mailbox size
  • Delete mailbox

General user settings

  • Manage Terminal Service settings for Active Directory & NT4
  • Manage Dial-in settings for Active Directory & NT4

File system

  • Create directory
  • Assign file & folder permissions
  • Share directory
  • Copy directory and data
  • Delete directory


Migration

User Management Resource Administrator's ability to mass create and update user accounts makes it the ideal migration companion instead of traditional scripting solutions.  The flexibility offered by our visual scripting engine, but without requiring script development and maintenance, makes User Management Resource Administrator far more attractive than any migration solution on the market available today.

"Last summer we migrated our entire network from Windows NT to Windows 2003 in 7 weeks, using Windows XP for the workstations.  One last job was left: In 2 days time, 300 colleagues and 3000 students would need to access the network.  This meant that the user accounts would have to be created in Active Directory, put into the right OU and assigned to security groups.  2 days later, before the deadline, User Management Resource Administrator had succeeded in completely creating and configuring all user accounts and resources."
- Peter van den Hoek - Calvijn College

Complete user and resource migration in one day!  

User Management Resource Administrator is the #1 solution to perform the following migration steps according to your specific company requirements.  All below actions can be combined in a single batch run using CSV input:

CSV input

  • Step 1: Create new user accounts - Use input from a CSV-style text file containing minimal information such as firstname and lastname to create fully qualified Active Directory user accounts based on advanced username and displayname generation with duplicate handling.  Learn more...  
  • Step 2: Configure OU assignment - Configure variable mappings to assign Organisational Unit containers for new user accounts.  Use variables such as location or department fields in your CSV and map these easily onto OUs.  Learn more...  
  • Step 3: Set group memberships - Assign single or multiple group memberships for your new user accounts, based on fixed group names or variable group name mappings using input from your CSV file.  Learn more...
  • Step 4: Create home directories and set permissions - Create home directories for your new or existing user accounts, optionally share them and set permissions on the folders using the same easy layout as the Windows explorer.  Learn more...  
  • Step 5: Set Terminal Server settings - Configure Terminal Server specific settings such as additional TS profile and server for your new or existing user accounts.  Learn more...  
  • Step 6: Create Exchange mailbox - Create Exchange 2000 or 2003 mailboxes for new or existing user accounts in the Active Directory.  Optionally you can modify the permissions on the newly created mailbox.  Advanced formatting capabilities are offered for the primairy and secondary (proxy) e-mail addresses.  Learn more...  
  • Step 7: Specify additional Active Directory attribute information - Use any additional input from your CSV file to set additional Active Directory attributes such as phone and address information or special attributes for custom applications.  All available AD attributes are supported.  Learn more...  


Mass Updating

The MASS module allows you to make very complex modifications to your Active Directory and your network in bulk.  MASS can help you where other tools have to stop because of the complexity involved (e.g.  multi select in ADUC 2003, command tools from Microsoft (CSVE), Hyena, etc.).  Click here for a 5 step overview on how to set up and run a MASS project.  

Example:

You have an import csv file with 1000 user accounts (First Name, Last Name, Middle Name).  Using 6 simple User Management Resource Administrator actions you can import the new users with Exchange email accounts, home directories, random passwords, Dial-in permissions, Windows Terminal Server settings, global group memberships, and profile directories.

Why you should consider using MASS:

  • You cannot accomplish your task using scripts or other tools.  
  • You need input support for: CSV-file, AD, LDAP, or ODBC.  
  • You want guaranteed support for all Active Directory and network objects.  
  • You want a simple drag-and-drop interface with more than 160 script actions to deal with virtually any user management task.

More than 25 examples to use MASS:

Managing Accounts examples

  • Bulk creation of accounts in SAM, AD 2000 AD 2003 and network resources
  • Handling duplicate user names according to company policies
  • Generating random passwords
  • Mass update of a single attribute
  • Resetting passwords for multiple accounts
  • Migrating accounts from one domain to another
  • Moving users across OUs and child domains
  • Renaming user accounts
  • Managing local (non-domain) accounts

Exchange examples
  • Managing mail enabled contacts
  • Moving Exchange mailboxes to a new server
  • Managing alias email addresses for Exchange

Managing Groups examples

  • Managing Active Directory security groups
  • Managing Active Directory distribution groups
  • Managing primary group memberships

Reports examples

  • Creating a user group membership report with database storage
  • Creating a report on locked-out or disabled users

File system examples
  • Creating home directories with permissions
  • Creating user home shares with permissions
  • Moving home directories to a new server
  • Resetting permissions on all home directories

Advanced examples

  • Setting hidden or schema extended Active Directory attributes
  • Exporting or importing account information to/from a database
  • Working with multiple domain controllers
  • Resetting the administrator password on all workstations in the network.  
  • Creating user accounts from CSV and template users


Forms and Delegation

Does your organisation have a helpdesk?  And do you want to delegate as many user management tasks as possible to your helpdesk?  If you want to address these needs using the standard Microsoft toolset, you have a limited set of options:

  • Setting up manual procedures.  
  • Using Delegation of control and MMC snap-ins.  
  • Developing scripts.  

Each of these options is complex and time consuming to implement.  In addition, it often turns out that certain aspects of user management (like security) are almost impossible to manage using this standard toolset.

Using FORMS & DELEGATION, you can easily implement the required type of user account management and customise it to the specific needs of your organisation.

The administrator is offered an environment in which templates and forms can be created to deal with a specific user management task.  The form is in turn delegated to the Helpdesk user (or another delegate user).

The Helpdesk user can only perform the tasks he has been given access to.   FORMS & DELEGATION comes with a wealth of template actions and sample forms to tackle virtually any user management task.  Each part of these sample forms can easily be customised for your specific needs.

How to manage the User Account Life Cycle?

Create user

The whole account is created by using one form only.  The helpdesk employee only needs to fill in the relevant parameters: “first name, last name and job title” and everything is created according to the predefined template: no effort, no errors.  

Reset password

Forms and Delegation offers the option to reset a password, unlocks the account if necessary, and forces the end user to provide a unique password for the next logon session.  All without the helpdesk operator having to type or confirm a single keystroke.  Various statistics are available, but we have determined that between 35% and 45% of all helpdesk calls are related to this task.

Edit user

The most commonly changed items are group memberships and address information.  Managing group memberships can be very complex and few companies have a solid solution.  Common practice is to use manual procedures to grant and revoke group memberships.  In a scenario where every job title is associated with 10 to 15 different group memberships in an organisation with more than 20 different job titles, this would result in a very long lookup matrix.

Rename user

Relevant when dealing with female divorced employees.  You want to preserve the SID of the user instead of deleting it and creating an account from scratch.

Move user

In a multiple site environment it is common that every site has its own home-dir server, DC, child domain and group settings.  Moving a user from 1 site to another is complex if all security settings and data (home and email) have to be maintained.  This is especially true if the sites are managed by their own helpdesk/sysadmins under a restricted security context.



Automation

AUTOMATION offers synchronisation of user acount information across Active Directory, Unix, Novell, and many other information systems.  Tools4ever delivers many out of the box connectors.   See the list below:

  • Any system running on an OLEDB database – Oracle, SQL Server, Sybase, Progress, etc.  
  • Any system supporting LDAP.  
  • Any programming language supporting COM.  
  • Novell NDS
  • VAX VMS
  • IBM AS/400
  • Tandem
  • Linux/Unix
  • LDAP
  • OpenLDAP
  • SAP HR
  • RAET Beaufort
  • Peoplesoft
  • Phone system - Siemens
  • Phone system - Philips
  • Student Information System - Schoolmaster Magister
  • Student Information System - Simac IOsys @VO
  • Student Information System - SIMS
  • Student Information System - CMIS
  • Webportals – IIS with integrated security

Example

An employee leaves the company, the mutation gets processed in PeopleSoft Enterprise (this is a HR-system) and will then be automatically processed in Active Directory and other directories and applications.  This ensures that former employees do not gain access to the company network.  

The challenge

User Account Information is stored and maintained in multiple information systems before it is entered or changed in Active Directory or other user directory.  Organisations re-enter the information over-and-over again, resulting in costly labor overhead and out of sync account information (when using manual processes, sooner or later pollution will occur).

The solution

You may consider purchasing an Identity Management System (e.g.  MIIS or Idm 3.0) but this will take long (weeks or even months) to implement.  You could also develop a custom application.  This will always take longer to implement than expected and you will most likely be confronted with severe technical Active Directory issues.

With AUTOMATION you only need to set up the interface once and define the mapping between the account information and the structure of your Active Directory (e.g.  OU structure, group memberships, account naming conventions.  etc.).  This can easily be achieved, depending on the complexity of your Active Directory.  You can do this yourself or one of our consultants will support you.  The mapping is done using an easy drag-and-drop graphical interface and does not require any ADSI or Active Directory knowledge at all.  



Printed from www.pnltools.com
© 2008 PNLTools Limited. All rights reserved