Modify Accounts Program -- AD
Results 1 to 6 of 6

Thread: Modify Accounts Program -- AD

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    172

    Modify Accounts Program -- AD

    I'm looking for a program that will allow me to modify accounts in my Active Directory and also log when certain things are done to an account. Such as when an account is created/disabled have a sql database somewhere or a log of somesort or even just send an email.

    Or if AD can do this I would love to know how.

    Basically we are a ASP and when customers call up to have new users created/deleted people are creating them and not following the process. So in my mind that triggers something that says take it out of the peoples hands and make it automatic.

    Any ideas would be great.

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    You can get some of that functionality through third-party vendors, such as Quest. It ain't cheap and requires a lot of programming. You can do the same kind of thing in your own forest using LDAP, Visual Studio, scripting and SQL. When we first set up AD in my previous life, we tried to do the accounts manually, and it is a disaster in a high volume environment. Even with use of account templates and such. Processes must be followed by humans, and humans err.

    The best thing is to program the process and log everything. I wish I could give you the core source we used, but I no longer have it.

    However, I will point you to a good resource, Windows 2000(3/) Scripting Guide, MS Press, and Windows Admin Scripting Little Black Book (2E). Those will have all you need to _begin_ automating account creation (among other things).

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    so no one knows of any programs than??? I think since this is important to the billing aspect of the company they are willing to shell out some money. I completly agree with you though on how it needs to be automated.

  4. #4
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    I think the challenge is that AD is a very flexible and dynamic directory service. Building a tool that is a one-size-fits-all would be next to impossible. No one AD structure is exactly the same as another. If you use the outline of your account creation policy and procedure, you can actually script most of the steps needed to automate the process. Then, put a little VB or C# front end on it, and have at it.

    Good luck!

  5. #5
    Junior Member
    Join Date
    Oct 2005
    Posts
    6
    Seems to me Win 2000/XP already have builtin programs to act on Active Directory, namely MMC, mmc.exe, and Group Policy, gpedit.exe. Open Run and put one of those in.... MMC has snapins that do pretty much what you want on AD.

  6. #6
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Would:

    Useing a Database sql with the following information and as mentioned earlier a bit of scripting help?
    http://www.computerperformance.co.uk...VDE_LDIFDE.htm
    and this page in particular
    http://www.computerperformance.co.uk...Logon_LDIF.htm

    As was mentioned earlier.. a bit of scripting will help.. a bit
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides