October 27th, 2005 05:22 PM
Modify Accounts Program -- AD
I'm looking for a program that will allow me to modify accounts in my Active Directory and also log when certain things are done to an account. Such as when an account is created/disabled have a sql database somewhere or a log of somesort or even just send an email.
Or if AD can do this I would love to know how.
Basically we are a ASP and when customers call up to have new users created/deleted people are creating them and not following the process. So in my mind that triggers something that says take it out of the peoples hands and make it automatic.
Any ideas would be great.
October 27th, 2005 05:52 PM
You can get some of that functionality through third-party vendors, such as Quest. It ain't cheap and requires a lot of programming. You can do the same kind of thing in your own forest using LDAP, Visual Studio, scripting and SQL. When we first set up AD in my previous life, we tried to do the accounts manually, and it is a disaster in a high volume environment. Even with use of account templates and such. Processes must be followed by humans, and humans err.
The best thing is to program the process and log everything. I wish I could give you the core source we used, but I no longer have it.
However, I will point you to a good resource, Windows 2000(3/) Scripting Guide, MS Press, and Windows Admin Scripting Little Black Book (2E). Those will have all you need to _begin_ automating account creation (among other things).
October 27th, 2005 09:32 PM
so no one knows of any programs than??? I think since this is important to the billing aspect of the company they are willing to shell out some money. I completly agree with you though on how it needs to be automated.
October 27th, 2005 09:50 PM
I think the challenge is that AD is a very flexible and dynamic directory service. Building a tool that is a one-size-fits-all would be next to impossible. No one AD structure is exactly the same as another. If you use the outline of your account creation policy and procedure, you can actually script most of the steps needed to automate the process. Then, put a little VB or C# front end on it, and have at it.
October 28th, 2005 03:52 AM
Seems to me Win 2000/XP already have builtin programs to act on Active Directory, namely MMC, mmc.exe, and Group Policy, gpedit.exe. Open Run and put one of those in.... MMC has snapins that do pretty much what you want on AD.
October 28th, 2005 09:01 AM
Useing a Database sql with the following information and as mentioned earlier a bit of scripting help?
and this page in particular
As was mentioned earlier.. a bit of scripting will help.. a bit
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr