I'd still be reluctant to give normal users that kind of access for the following reasons:
- Information not being entered completely or accurately. This can turn into a messy proposition later during an audit. - Information being updated in AD and not with HR or with HR and not in AD. This is hardly unique, but it is a problem in large companies. What might be a good compromise would be to give managers the level of access required. That would help to enforce all of the subordinate's information being entered uniformly, and it would come from an "official" source. On Thu, May 9, 2013 at 11:03 AM, Edward Ned Harvey (lopser) <lop...@nedharvey.com> wrote: > Coming into a company where AD properties (firstname, lastname, phone > number, etc) have been neglected ... > > > > Option 1 is to have HR contact all the people in the company, get correct > info into a spreadsheet, and then IT figure out how to script it from > spreadsheet into AD. > > > > Option 2, which I'd prefer, is to send out a mass email to the users of the > company, and have them enter their own corrected information. (Optionally, > with IT review, so Mickey Mouse can't change his name to Barrack Obama, and > stuff like that.) > > > > Admittedly, I'm posting this question prematurely. I haven't looked around > yet, which I'm going to start now. > > > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > -- ---------------------------- Regards, Michael Shulman michael.shul...@gmail.com Never attribute to malice that which can be adequately explained by stupidity. _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
