Tuesday, August 18, 2009

Mass update of home directory security

With schools about to open, system administrators are tying up all the loose ends to confirm that their students will have everything necessary to log on to their computers and access all the required drives.

A client recently contacted me in a bit of a panic, stating that he had lost all the security settings on his students’ home directories and required immediate assistance to resolve the issue. The client was using the Mass module of User Management Resource Administrator (UMRA) provided by Tools4ever. With the Mass module, I was able to provide the client with a script that retrieves all his student accounts from Active Directory, retrieves each home directory from the appropriate Active Directory attribute, and then pushes new security settings to each directory.
After completing the support request I decided that this functionality may be useful to others who have the same issue or who’d like to modify their end users’ home directory security without having to do it manually.

To create this process you will need the Mass module of User Management Resource Administrator (UMRA). Once you have the UMRA console installed and have applied your license code, you can create a new Mass project. Within the network tab you can browse for the Active Directory organizational unit that contains the users whose home directories you’d like to modify. Once you locate the organizational unit, right click it and choose “display users”. All user accounts within the organizational unit you have selected will be displayed within the network tab of your Mass project. You will now need to provide the LDAP name of the user within a variable. The variable is used to pass the data to the script of your project. To do so, right click on the column that contains the distinguished name of your user and select properties. Within the properties setting you must specify the variable name of the column; you must enclose the variable name in “%” (e.g. %UserODN%).

Now that you are passing the LDAP name to your script, you will need to configure your script to retrieve the account from Active Directory. This is done by using the “Get User” action. After successfully retrieving the account, you can retrieve the user’s home directory by using the “Get attribute” action. Within the “Get attribute” action, specify “homeDirectory” as the “LDAP attribute display name” property and store the value in a variable. With the home directory value stored in memory, the next action you will need to use is “Setup Security”. With this action you can modify the security of the directory by specifying the new security settings and the destination directory value, which is stored in a variable by your “Get attribute” action.
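
The same three steps (get the users in an OU, read homeDirectory, set security on that folder) written in PowerShell, as an added example that is not UMRA script and not from the original post. It assumes the ActiveDirectory module, a constructed OU path, and a policy of Full Control for administrators and SYSTEM and Modify for the owning student, with inheritance from the share root switched off.

```powershell
# Added example, not UMRA script. Run elevated with rights on the file server.
# Assumptions: the OU path and the ACL policy below are constructed for illustration.
Import-Module ActiveDirectory

$SearchBase = 'OU=Students,DC=example,DC=local'   # constructed OU
$Inherit    = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$Propagate  = [System.Security.AccessControl.PropagationFlags]::None
$Allow      = [System.Security.AccessControl.AccessControlType]::Allow

# Hypothetical helper: one allow rule covering the folder and everything under it.
function New-HomeDirRule($Identity, [System.Security.AccessControl.FileSystemRights]$Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $Identity, $Rights, $Inherit, $Propagate, $Allow
}

# "Get User" and "Get attribute": every user in the OU that has a homeDirectory value.
Get-ADUser -SearchBase $SearchBase -Filter * -Properties homeDirectory |
    Where-Object { $_.homeDirectory } |
    ForEach-Object {
        $user = $_
        $path = $user.homeDirectory
        if (-not (Test-Path -LiteralPath $path -PathType Container)) {
            Write-Warning "Skipping $($user.SamAccountName): $path not found"
            return   # continue with the next user
        }

        # "Setup Security": rebuild the ACL so it contains only the intended entries.
        $acl = Get-Acl -LiteralPath $path
        $acl.SetAccessRuleProtection($true, $false)   # block inheritance, drop inherited entries
        $acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }   # drop explicit entries
        $acl.AddAccessRule((New-HomeDirRule 'BUILTIN\Administrators' 'FullControl'))
        $acl.AddAccessRule((New-HomeDirRule 'NT AUTHORITY\SYSTEM' 'FullControl'))
        # The user's SID is used rather than a name, so no domain prefix has to be assumed.
        $acl.AddAccessRule((New-HomeDirRule $user.SID 'Modify'))
        Set-Acl -LiteralPath $path -AclObject $acl
    }
```

Adding `-WhatIf` to the `Set-Acl` call gives a dry run that lists the folders that would be changed without touching them.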

If you are interested in this solution, or a solution like this, and would like additional information about User Management Resource Administrator (UMRA), please contact your local Tools4ever office.

Monday, August 10, 2009

Exchange Load Balance

With User Management Resource Administrator (UMRA), provided by Tools4ever, you can create Active Directory accounts and Exchange 2007 mailboxes without using ADUC or the Exchange 2007 management console. In addition to creating your mailboxes, UMRA can be configured to automatically load balance your mailboxes across various Exchange servers and mail stores during the creation process.

This has recently become a hot commodity: our clients have acquired consulting services to configure the creation of their Active Directory accounts and Exchange 2007 mailboxes with load balancing. Before any process is put into place, a conference call is held to review the specifics of the installation. In addition, a number of prerequisites are provided to the client; the list of prerequisites must be completed before the installation can be started. When a client requests Exchange mailbox load balancing, it is mandatory to provide a list of the Exchange servers and mail stores across which the load balancing should occur, within a SQL, Oracle, or Microsoft Access table.

When implementing Exchange load balancing you cannot select the location of the mail store based only on the current size of the storage group. This is due to the minimal space used within the storage group before the users begin to use their mailboxes. Therefore, when a process is created to complete load balancing within a client’s environment, I first rotate through a list of servers and mail stores, and thereafter check the used space of the location to confirm that it is not extremely higher than any other one. Once the selection fits both criteria the mailbox is created. This functionality is completely customizable and can be processed directly within User Management Resource Administrator (UMRA), no matter whether you are using the Mass, Form & Delegation, or Automation module.
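
The selection logic just described, as an added PowerShell example rather than UMRA's own script: rotate through the store list, and skip a candidate whose used space is far above the least-used store. The server and store names, the sizes, and the 1.5x tolerance are constructed assumptions; in practice the list comes from the SQL, Oracle or Access table and the sizes from Exchange.

```powershell
# Added example: round-robin store selection with a used-space check.
# Constructed sample data; names, sizes and $Tolerance are assumptions.
$Stores = @(
    [pscustomobject]@{ Server = 'EXCH01'; Store = 'SG1\MailStore1'; UsedGB = 40 }
    [pscustomobject]@{ Server = 'EXCH01'; Store = 'SG2\MailStore2'; UsedGB = 95 }
    [pscustomobject]@{ Server = 'EXCH02'; Store = 'SG1\MailStore1'; UsedGB = 42 }
    [pscustomobject]@{ Server = 'EXCH02'; Store = 'SG2\MailStore2'; UsedGB = 38 }
)
$Tolerance   = 1.5   # skip a store holding more than 1.5x the least-used store
$script:Next = 0     # rotation pointer; a real process would persist it between runs

function Select-MailStore {
    param([object[]]$Stores, [double]$Tolerance)

    $floor = ($Stores | Measure-Object -Property UsedGB -Minimum).Minimum
    for ($i = 0; $i -lt $Stores.Count; $i++) {
        # First criterion: take the stores in rotation, starting at the pointer.
        $candidate = $Stores[($script:Next + $i) % $Stores.Count]
        # Second criterion: used space must not be far above the least-used store.
        if ($candidate.UsedGB -le [math]::Max($floor, 1) * $Tolerance) {
            $script:Next = ($script:Next + $i + 1) % $Stores.Count
            return $candidate
        }
    }
    throw 'No store available (is the store list empty?)'
}

# Six mailbox creations in a row: the 95 GB store is passed over each time.
1..6 | ForEach-Object {
    $s = Select-MailStore -Stores $Stores -Tolerance $Tolerance
    $s.UsedGB += 1   # stand-in for the new mailbox growing the store
    '{0}\{1}' -f $s.Server, $s.Store
}
```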

If you are interested in User Management Resource Administrator (UMRA) and would like more information about the different modules, please feel free to contact your local Tools4ever office.

Tuesday, August 4, 2009

Moving Student Home Directories

An old client recently approached Tools4ever Inc. looking to acquire consulting services to create a process which will move their students’ home directories to a specific location based on their school and grade. This task is not very difficult to complete manually, but when you are dealing with 15K students it can be very time consuming, especially since you have to move the directory to the correct location and then modify the user’s home directory attribute within Active Directory.

The client is using the Mass module of User Management Resource Administrator (UMRA) provided by Tools4ever. With the Mass module it is very simple to retrieve all users within a specific organizational unit directly into your project. After you browse to the correct organizational unit, right click, and choose “display users”, all user accounts within the selected organizational unit are imported into the network view of your project. After the import of the users is complete, which takes a matter of minutes for 14K users, you then have to set the column displaying the LDAP name of the user to a UMRA variable, e.g. %UserODN%. Variables are used by UMRA to pass the data from a specific column and row of your data view to a script that you have generated.

With the user’s distinguished name now being passed to my script, I have to configure the script to complete the move of the user’s home directory. I first use the “Get User” action to retrieve the user’s account from Active Directory, followed by the “Get Attribute” action to retrieve their current home directory setting from Active Directory. Once this information is stored within variables of my process, I use the “Rename File or directory” action to specify the new location of the student’s home directory. Once the directory has been successfully moved, I use the “Edit User” action to specify the new home directory location within Active Directory for the user.

If you are interested in a solution like this please feel free to contact your local Tools4ever location.

Tuesday, July 21, 2009

Scheduled Active Directory Reporting

An old Tools4ever client recently contacted us looking to extend his use of User Management Resource Administrator (UMRA). The client is currently using the Automation module of UMRA to synchronize Active Directory with PeopleSoft. His current automation process retrieves all user data from a source system called PeopleSoft and synchronizes the data with Active Directory. The synchronization automatically creates Active Directory accounts, modifies current accounts and syncs them with the source system. In addition, the process disables and purges any accounts which are excluded from the source system.

Satisfied with the current account creation, update, and disable processes, which are now handled automatically by User Management Resource Administrator (UMRA), the client looked to automate other Active Directory tasks he was completing. One of his tasks is a weekly export of user name, email address, and employee ID from Active Directory. Once the export is complete it is FTP’d to a third party site.

With the Automation module of User Management Resource Administrator (UMRA) I was able to create a scheduled task that will be executed nightly. Once the task runs within the Automation module, an LDAP query is executed against Active Directory, which returns a table of information that is stored in memory temporarily. Once the information is stored, I am able to loop through the table and extract the information I require for the export. Once all the data is transformed in the fashion the client’s other system requires, I export the data to specific locations and then execute a command line tool via UMRA which FTPs the exported data to the third party’s location. The task extracts and transforms over 10,000 rows of data from Active Directory in just 15 minutes.

Interested in Active Directory reporting? Please feel free to contact us at Tools4ever for a free WebEx session.

Tuesday, July 14, 2009

SSRPM & OWA

If you are getting overwhelmed with support calls due to your end users constantly forgetting their Active Directory passwords, then Self Service Reset Password Management (SSRPM) provided by Tools4ever is the perfect solution for you. SSRPM provides you with a user friendly interface, either client or web based, in which your end users provide answers to a number of predefined questions to enroll. After a user has successfully enrolled in the product, they can easily reset their own Active Directory password by selecting the “Forgot my Password” button on the Windows logon screen. The system administrator is also provided with an admin console where they can monitor the end users’ activities (enrollments and password resets completed).


With the default installation of SSRPM you are provided with the option of setting up a Windows-based client, a web interface, or both. Recently we have been getting a large number of consulting requests to integrate SSRPM with other products, such as the Exchange 2003 Outlook Web Access (OWA) page. Modifying the default OWA page to contain a “Forgot my Password” link has become a very hot commodity. Since it has been in such high demand, I have decided to provide you with a sample of adding the simple link on your own.


To modify your default OWA logon page please follow the instructions below (remember to always keep a copy of the original code):

  1. Open Logon.asp page

  2. Enter a new line between lines 665 and 666

  3. Enter the following code at line 666:


If you are interested in this solution or one like this, please feel free to contact us at Tools4ever.

Friday, July 10, 2009

Mass Student Import

With August around the corner, school system administrators are preparing to create the Active Directory accounts for the newly arriving students, in addition to migrating old students to their correct locations. This task is dreaded by many because it is very time consuming, but with the very limited funds of schools it is hard to find a reasonably priced product that can automate it. Many of our clients use the Mass module of User Management Resource Administrator (UMRA) to accomplish this task.

Using the Mass module of User Management Resource Administrator (UMRA) you can import a .txt or .csv file that contains a list of student accounts that are required for the upcoming school year. When executing the project, the script verifies whether or not there is a current account for the student record within Active Directory. If a student account is located for the record, the process will automatically retrieve the account from Active Directory and move it to the correct organizational unit, modify the group memberships, and set the correct login script based on the student’s school and grade. In addition, the student’s home directory is moved to the proper location based on the grade.

If the student’s account is not located within Active Directory, it is automatically created by the project executed within User Management Resource Administrator (UMRA). The creation process will create the student account in the specified organizational unit based on the school and grade, set any required group memberships for the account, set the login script, and create a home directory within the proper location based on the student’s grade.

The process runs extremely quickly and can have your student accounts created via the Mass module of User Management Resource Administrator (UMRA) within minutes. If you are interested in a solution like this, please feel free to contact us at www.Tools4ever.com

Monday, July 6, 2009

Exchange 2007 & Legacy Mailboxes

The migration from Exchange 2003 to Exchange 2007 is becoming more common throughout our clientele. During the migration phase, many clients find themselves running Exchange 2007 in mixed mode. When your environment is in mixed mode it will contain “Legacy” mailboxes as well as the new “User Mailboxes”. You can successfully run your organization within mixed mode, but the Exchange 2003 mailboxes will have limited features. In addition to the clients making their environmental changes, we have also been approached by them with consulting requests to modify their current User Management Resource Administrator (UMRA) processes. The processes extend from creating Active Directory accounts with mailboxes to modifying mailboxes and deleting mailboxes.


A known issue when running Exchange 2007 in mixed mode is that when mail-enabling a user, you are actually creating a legacy mailbox and not a user mailbox. I have run into this issue when modifying the client’s User Management Resource Administrator (UMRA) processes from using the Exchange 2003 actions to the Exchange 2007 actions. When the process executes, it returns a number of errors from Exchange 2007 stating that the mailbox creation failed. When viewing the client’s Active Directory console I was able to see the Exchange 2003 tabs within the properties of the account; therefore I tried to use the Exchange 2003 actions within UMRA and was able to successfully create the mailbox. The problem with creating the mailbox in this fashion is that it is actually created as a legacy mailbox and not a user mailbox. To resolve this issue I had to find a way to convert the legacy mailbox to a user mailbox after I created it. To do so I used the following PowerShell command:



  • Set-Mailbox -Identity UserODN -ApplyMandatoryProperties

By executing this PowerShell command within User Management Resource Administrator (UMRA), via a custom action that was created, I was able to successfully create the Exchange 2007 mail-enabled account.


Interested in a solution like this? Please feel free to contact us at www.Tools4ever.com