User Management Resources

Outlook Web Access and Self Service Integration

2009-05-24T11:25:00.004-04:00

In my previous blog, I talked about delegating basic Help Desk functionality to the users themselves in order to alleviate inundated workload from the system administrator. I've also mentioned how users could provision their own passwords via the Self Service Password Reset Managment (SSRPM) product by Tools4ever. SSRPM allows provides users with several methods to access the utilities provided by this software: through a wizard that is displayed in the GINA, through a wizard launched from the start menu, and through customizable web-pages. One popular method is to integrate the web-page services with Outlook Web Access (OWA), which allows system administrators to control who has to enroll into SSRPM without the need to create and manage Group Policy Objects.

The driving force behind this method is the use of Profiles in the SSRPM Admin Console. In here, the sys admin can determine which organizational units (OUs) in Active Directory should be able to use the SSRPM service. Once the profile is established, attention is then focused on the web-page work flow for OWA.

Normally, when users access the OWA page, they enter their credentials, hit submit, and go directly to their mailboxes if the information is correct. With SSRPM integration, two extra checks are made between the submission and redirection process. The first check will see if the user's OU is part of SSRPM's profile. If the OU matches, then a second check is made to see if the user is already enrolled into SSRPM. If not, then the user is automatically directed to the enrollment page where he or she can proceed with easy-to-follow steps to use SSRPM to retrieve forgotten or lost passwords. If the user is already enrolled, then the page simply redirects to the OWA mailbox. By default, this integration will not allow Domain Admins to enroll into SSRPM, and as such, logging into OWA will immediately go to the admin's mailbox.

By integrating the power of SSRPM into OWA, users are given an easy and convenient method to reset passwords when they are most likely away from the office, and thus away from common password reset methods. To read more about the Self Service Reset Password Management software or other user account provisioning and delegation products, please visit Tools4ever.

Sometimes the Best Person for the Job is Him/Herself

2009-05-15T17:01:00.001-04:00

As discussed in my previous post, the challenge of managing company users becomes a more arduous task as needs change and massive updates need to be performed on a day-to-day basis. The Self Service Password Reset Manager (SSRPM) designed by Tools4ever is just one example in how Help Desk can delegate control of a very common request to the users themselves.
The concept of allowing users to modify their account settings is certainly alluring for the encumbered system admin, but such privileges usually lead to so many security holes and other pitfalls, that it simply is more trouble than it was worth. Fortunately, solutions are being developed to give users the ability to modify their own accounts, but encapsulated in a secure application to ensure data integrity. Once such application is the Self Service Portal that I have designed.

The Self Service Portal (SSP) integrates seamlessly into an Active Directory (AD) environment, avoiding the need to manage yet another set of login accounts. The privileges of the logged in user are based on their AD settings, with one example being accounts that have direct reports are considered managers in SSP. After the user has logged in, they are provided with a summary of his/her activity in the system, such as most common update, total number of updates, etc. Managers will have additional summaries based on their direct reports. All users will have at least two basic functions in SSP: Modifying their account, and viewing their history.

User:

Manager:

Within the Modify Account page, the user will be able to change basic information such as address, and contact numbers. Fields such as First Name, Middle Initial, Last Name, and logon are excluded from this application as changes here could have adverse, system wide affects.

In the History page, a table is displayed showing the 15 most recent changes. Users can view only their own changes, while Managers can view their own changes as well as changes done by their direct reports. Additional details can be seen by clicking on a time stamp, which will show what field was changed, the original value, and the new value. A filter can be applied to this list in order to generate more specific reports. The history page also allows you to export the table data to an xml file that can be imported into more robust reporting software.

Overall, the Self Service Portal provides an easy and convenient way for a user to provision his/her own account. With the ability to keep track of changes done, it provides supervisors with a view of Active Directory activity that is not normally available. To read more about self service solutions as well as other user management products, feel free to check out Tools4ever.

The Trials and Tribulations of User Management

2009-05-05T19:06:00.000-04:00

When the topic of manually managing a massive number of users is brought up, you can hear the collective cry of school institutions. Unlike most stable organizations, schools, especially colleges, have extremely high user account turnover rates that can occur several times a year. Even if it the account creation process only called for a first name and last name, by the time the system admin finished entering them all, the semester would be over, and he/she would have to delete many of them and enter a new batch. When you factor in additional account settings such as e-mail, homepage, home directory, teachers, grades, classes, contact information, etc., it quickly becomes an impossible task to do manually. Fortunately, for the sanity of system administrators, software exists that can automate most, if not all, user account provisioning needs for Active Directory (AD). One such product that excels in this regard is the User Management Resource Administrator (UMRA) application, created by Tools4ever.
UMRA provides the necessary tools to not only manage accounts at a macro level, but also at the micro level via built-in form creation. With such forms, supervisors and users can manage their own accounts without resorting to submitting requests to their system admins. Building upon the concept of delegating account provisioning to individuals via custom forms, UMRA can be integrated with popular web-page languages such as ASP or ASP.NET. By utilizing these web-pages, complex Active Directory functions become transparent for end-users, while also becoming more accessible since tasks are no longer limited to whichever server it was created on. UMRA not only handles AD actions, but it also is more than capable of handling Microsoft Exchange processes as well as manage third party applications such as Google Apps via powershell scripts. Of course this blog entry cannot explain everything UMRA is capable of, so feel free to visit Tools4ever to find more information on this and other applications.