Domain Administration Overview

Directory Manager is designed to replace the manual administration of a directory. As such it is a very powerful tool and its role and requirements must be fully understood to gain the most benefit.

The Source Extract file

This is the core element of Directory Manager. The content of the file determines the users that are created, those that are disabled and the content of those that exist. As part of the implementation process, the format of the file and the Unique ID value will have been finalised. These cannot change without consultation with BDS Solutions.

Extract files need to be generated on a frequent basis and made available to Directory Manager. This ensures the directory always replicates the source data system as closely as possible.

User Creation Settings

The settings in the Admin Pack form determine the settings that are applied to new and existing users. Again, these settings will have been discussed and selected as part of the implementation. These settings can be altered and will be applied to new and existing users on the next file processing.

Should further options be required, these can be discussed with BDS Solutions.

Running Directory Manager

Directory Manager can be automated. However, due to the critical nature of its role, it is recommended that it is only run manually. How often it is run can be decided by local policy. Factors such as how often the data source is updated and how long leavers' accounts should remain active should be considered when deciding the frequency.

To run Directory Manager, add the latest extract file to the software on the Files Pending tab. Then, assuming all rules and user creation settings are set, click the Process button. The extract file will now be processed.

The following table describes how each entry will be treated:

Step 1 The entry will be tried against each rule for a match.
Step 2 The directory will be searched for an instance of the Unique ID.
Step 3 If the ID exists, its OU will be compared with that identified within the rule. If they are the same, the directory user will be marked as updated and the expiry date moved X days into the future (where X is the value specified in the rules).
Step 4 If the ID exists but the user's name has changed, the user information will be updated with the new name. New email addresses will be generated and the old addresses will be retained as secondary addresses for the user.
Step 5 If the ID does not exist, a new user will be created in the OU identified by the rule and an associated mailbox generated (if so configured) in the first mailbox store on the server. It is critical that the ID relating to a person does not change, otherwise it will be treated as a new user.
Step 6 If the ID exists but in a different OU than identified by the rule, the user will be moved to the new OU (if so configured).
Step 7 When a user is created or moved to an OU, that OU will be examined for security groups that the user should be a member of.

On completion, the actions completed by Directory Manager should be reviewed. Firstly, the Statistics Report provides an overview of how many entries matched the rules. Secondly, the Action Log provides a more detailed analysis of the action performed for each entry in the extract file. The Active Directory itself can be checked to ensure all user objects are as expected.

Disabled Users

Directory Manager can be set to disable accounts that no longer appear on the extract file. These accounts can be disabled in the OU in which they are located or they can be moved to a separate OU. It is then up to local policy to decide what to do with these accounts.
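
An added example, not part of Directory Manager or BDS Solutions' code: a dry-run preview in Python of the per-entry treatment in Steps 1 to 6 and of the Disabled Users setting. It also pairs each would-be new user with a would-be disabled account of the same name, the pattern a changed Unique ID produces. The record fields, the `rule_key` column, the action labels and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:            # one extract row; field names are assumptions
    uid: str
    name: str
    rule_key: str       # hypothetical column that the rules match on

@dataclass(frozen=True)
class DirUser:          # one record of a directory snapshot (assumed shape)
    uid: str
    name: str
    ou: str

def plan(entries, directory, rules, disable_missing=True):
    """Preview the action(s) for each Unique ID without touching the directory."""
    by_uid = {u.uid: u for u in directory}
    actions = {}
    for e in entries:
        target_ou = rules.get(e.rule_key)        # Step 1: try the entry against the rules
        user = by_uid.get(e.uid)                 # Step 2: search for the Unique ID
        if target_ou is None:
            actions[e.uid] = ["no-rule-match"]
        elif user is None:
            actions[e.uid] = ["create"]          # Step 5: unknown ID means a new user
        else:
            acts = ["rename"] if user.name != e.name else []            # Step 4
            acts.append("update" if user.ou == target_ou else "move")   # Steps 3 and 6
            actions[e.uid] = acts
    if disable_missing:                          # the "Disabled Users" setting
        seen = {e.uid for e in entries}
        actions.update({u.uid: ["disable"] for u in directory if u.uid not in seen})
    return actions

def possible_id_changes(entries, directory, actions):
    """Pair each 'create' with a 'disable' of the same name (heuristic name match)."""
    leavers = {u.name.lower(): u.uid for u in directory
               if actions.get(u.uid) == ["disable"]}
    return [(leavers[e.name.lower()], e.uid) for e in entries
            if actions.get(e.uid) == ["create"] and e.name.lower() in leavers]

# Constructed sample data (not from any real directory or extract)
Y7, Y8 = "OU=Year7,DC=example,DC=local", "OU=Year8,DC=example,DC=local"
RULES = {"Year7": Y7, "Year8": Y8}
DIRECTORY = [DirUser("1001", "Alice Smith", Y7), DirUser("1002", "Bob Jones", Y7),
             DirUser("1003", "Carol White", Y7)]
EXTRACT = [Entry("1001", "Alice Smith", "Year7"), Entry("1002", "Bob Taylor", "Year8"),
           Entry("S1003", "Carol White", "Year7"), Entry("1004", "Dan Green", "Staff")]
```

Any pair returned by `possible_id_changes` is worth checking against the source system before the extract is processed, since the same person would otherwise end up with a new account alongside a disabled one.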