Fully automated account / AD management with input from central employee or student database

There are still many organizations that manually manages user accounts and active directory properties, even though they already have all the necessary data for automatic account management in a central employee or student database. Stop wasting time!

With the setup in this example, data from the central database is exported to on one or many Windows NT / 2000 / 2003 servers where user accounts, e-mail addresses and web pages are created, disabled or deleted, all automatically according to database changes.

For those who want a real human to look things over and approve the data, it is also possible to use a semiautomatic approach, in which an Administrator verifies the data in a SetupBatcher grid dialog before it enters the server.

Scenario

·	One central database server sends PGP encrypted e-mail to a number of Windows NT / 2000 / 2003 account servers every day at 02:00 am. (It is possible to transfer data by FTP instead of by e-mail with a minor change in the script.)

·	Each account server has its own e-mail address and its own PGP encryption key pair.

·	The account servers

·

automatically checks their e-mail at 04:00 am

·

verifies sender and decrypts attachments

·

manages user, mail and www accounts

·

prints password sheets

·

writes status to the event log

The use of standard PGP-encrypted e-mail makes the system very flexible - the database server can run any operating system and the account servers can be located anywhere in the world.



Semiautomatic preview dialog, generated by a "data.show" command. (Click column headings to sort.)



Event record from second data file example.



(Windows 2000) AD view after running both example data files.



Home directory in example = birth year / account name.