Off Topic - Automatically provisioning AD accounts from SIS & EIS
-
Hello fellow gurus,
This is not a FOG related question, but I thought this may be a good place to pose it, as it seems many of you also work for school districts and have to deal with the unique situations that we often do.
For years we have been provisioning (batch script) our student and employee Active Directory accounts using our own home-brew methods based on data extracted from our Student Information System (SIS) and Employee Information System (EIS). Although this has worked, sometimes things get out of “sync” as it’s not really a two-way road: AD commands are just sent to our DCs and we hope everything executes properly. To remedy this I have built a .NET desktop application that pulls AD users, memberships, etc. and compares them to what they should be, then re-issues commands to fix any of the discovered discrepancies. Most of this work is done in SQL.
My question to you all is what are you using to provision user accounts in Active Directory when the source is the SIS and EIS(SQL)?
Operating requirements:
• Process must generate unique student and employee usernames. Employee usernames can never be reissued (even if the employee leaves the district).
• Users must be placed in the appropriate OU according to their associated building in the SIS or EIS.
• Users must be automatically made members of security groups based on data in SIS and EIS: associated building, associated grade level, job status code (employees)
• User object attributes must be automatically populated: First Name, Surname, Department, Phone, Description, etc.
• User home directory must be created and NTFS permissions set. If the user moves building their home directory must be moved also and permissions set once again.
• Of course all memberships, object locations, home directory, etc. will have to be updated if the user moves buildings, changes name, building, grade level, etc.
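As an added example (not code from this thread, from Jane, or from the OP's .NET tool), here is the reconciliation logic the post above describes, in Python: it keys on the stable SIS/EIS ID rather than on the name, allocates usernames against a ledger that still contains departed employees so a name is never reissued, and emits a diff of create/move/add/remove actions instead of firing AD commands blindly. The OU layout, group names and home-share path are assumed conventions, and the sample rows are constructed.

```python
import re
# Constructed sample data (not from the thread): SIS/EIS rows keyed by a stable district
# ID, an AD snapshot keyed by the employeeID attribute (never by name, since names change),
# and a ledger of every username ever issued (a SQL table in the real system).
SIS_ROWS = [
    {"id": "S1001", "first": "Ann", "last": "Lee", "kind": "student", "building": "HS", "grade": "10"},
    {"id": "S1002", "first": "Bob", "last": "Ray", "kind": "student", "building": "MS", "grade": "7"},
    {"id": "E2001", "first": "Cy", "last": "Ng", "kind": "employee", "building": "HS", "job": "TCH"},
]
AD_SNAPSHOT = {
    "S1001": {"sam": "alee", "ou": "OU=MS,OU=Students,DC=district,DC=local",
              "groups": {"Bldg-MS", "Grade-9"}, "home": "\\\\files\\homes\\MS\\alee"},
}
ISSUED = {"alee", "bray"}  # "bray" belonged to a departed employee: never reissued

def allocate_username(first, last, issued):
    """First initial + surname, suffixed with a counter until unused in the ledger."""
    base = re.sub(r"[^a-z]", "", (first[:1] + last).lower())[:20]
    candidate, n = base, 1
    while candidate in issued:  # the ledger holds live AND retired names
        n += 1
        candidate = f"{base}{n}"
    issued.add(candidate)
    return candidate

def desired_state(row, sam):
    """Derive OU, group set and home path purely from SIS/EIS data (assumed naming)."""
    container = "Students" if row["kind"] == "student" else "Staff"
    groups = {f"Bldg-{row['building']}"}
    groups.add(f"Grade-{row['grade']}" if row["kind"] == "student" else f"Job-{row['job']}")
    return {"sam": sam, "groups": groups,
            "ou": f"OU={row['building']},OU={container},DC=district,DC=local",
            "home": "\\\\files\\homes\\{}\\{}".format(row["building"], sam)}

def reconcile(rows, snapshot, issued):
    plan = []  # idempotent action tuples: run the diff, then apply and log each one
    for row in rows:
        actual = snapshot.get(row["id"])
        if actual is None:  # new in SIS/EIS: allocate a name, create, then diff as usual
            want = desired_state(row, allocate_username(row["first"], row["last"], issued))
            plan.append(("create", want["sam"], want["ou"], want["home"]))
            actual = {"sam": want["sam"], "ou": want["ou"], "home": want["home"], "groups": set()}
        want = desired_state(row, actual["sam"])
        if actual["ou"] != want["ou"]:
            plan.append(("move-ou", want["sam"], want["ou"]))
        if actual["home"] != want["home"]:
            plan.append(("move-home", want["sam"], actual["home"], want["home"]))
        plan += [("add-group", want["sam"], g) for g in sorted(want["groups"] - actual["groups"])]
        plan += [("remove-group", want["sam"], g) for g in sorted(actual["groups"] - want["groups"])]
    return plan
```

Each tuple maps to one AD operation (New-ADUser, Move-ADObject, Add-/Remove-ADGroupMember, a home-directory move plus ACL reset) and can be logged before it is applied, which is what makes drift visible; removing stale group memberships on a building change is the least-privilege step a one-way batch script tends to miss.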
-
While I can’t offer an answer directly to you, I would suggest that you post your question to the Spiceworks Community too. While there are quite a few people on the FOG forum that work in school districts, you will get much more exposure to your question on Spiceworks (over 5 million subscribers with 100s of active people).
-
@george1421 Great suggestion! Will do.
-
@RobertD Hopefully there is an off-the-shelf solution for this. If not you are on the right path with the .net stuff. We have a similar requirement for employees where their ID format is never issued again if they leave the company (unless they come back). I can go into the process we use for that. As for the students I have a few ideas, but it would be great to see if there is already a built kit you can use instead of rolling your own.
-
I created a free and open source solution called Jane that does exactly what you need.
It takes info from SIS, and then produces PowerShell on a per-domain, per-group, per-settings-set basis to create and update AD users across multiple domains. It’s 100% automated and incredibly secure, with intense user controls, unlike FOG (no offense Tom).
We’re using it now. Message me for details.
Jane can do all this you asked.
• Process must generate unique student and employee usernames. Employee usernames can never be reissued (even if the employee leaves the district).
• Users must be placed in the appropriate OU according to their associated building in the SIS or EIS.
• Users must be automatically made members of security groups based on data in SIS and EIS: associated building, associated grade level, job status code (employees)
• User object attributes must be automatically populated: First Name, Surname, Department, Phone, Description, etc.
• User home directory must be created and NTFS permissions set. If the user moves building their home directory must be moved also and permissions set once again.
• Of course all memberships, object locations, home directory, etc. will have to be updated if the user moves buildings, changes name, building, grade level, etc.
-
@Wayne-Workman I am interested in something like this. We have a student information database we can access from what I believe to be the state. Our challenge is moving toward individual student logins that then translate using GADS (Google AD sync) to create Google accounts. The caveat is that it needs to be granular enough to put students into different grade levels and graduating classes and deactivate ones that have graduated, etc. My colleague successfully converted some Perl script he found into PowerShell and we think this will work (if I fully understand what is going on). What types of databases does your solution interface to? I’d have to get more info on the state’s database, plus we are confident that the script will work, but I’d like to have this in my back pocket or suggest it as an alternative to a homemade script. I would be very interested if you could message me info on this.
-
@fry_p It is designed to be modular, and to accept data from one or many sources. The management of many accounts on many domains in Active Directory on a granular level is working. It’s designed in such a way that modules can be added by community members to manage accounts on other platforms; the next two I’ll be working on are Open Directory (Mac land) and Alexandria, a librarian application that is popular among schools. I plan to eventually create a module for Google account management, but I am only one man and have limited free time.
My boss has given me permission to develop Jane while at work, so I’ll probably do a whole lot more work after August passes. I’m trying to put together an installer now, not that Jane is difficult to install (currently).
The code base is on GitHub; it’s free and open, GPLv3.
https://github.com/wayneworkman/jane
I built this from scratch back in January/February/March. I’ve been tweaking it since then and making improvements, testing, and so on.
“Developers Wanted”
-
Would anyone happen to have any info on the open source software “Jane” that Wayne Workman mentioned? Any help would greatly be appreciated.