We follow option 3 using MS's FIM product to pull data from our peoplesoft ERP system and push it to AD. We are working on better internal business processes to handle attribute updates . Putting FIM in is a major project.
Jim Ennis Director Systems and Operations University of Central Florida 4000 Central Florida Blvd CSB 308 Orlando, FL 32816 E-mail: [email protected] Voice: 407-823-1701 Fax: 407-882-9017 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Shulman Sent: Thursday, May 09, 2013 2:15 PM To: Edward Ned Harvey (lopser) Cc: [email protected] Subject: Re: [lopsa-tech] Users update their own info in AD I'd still be reluctant to give normal users that kind of access for the following reasons: - Information not being entered completely or accurately. This can turn into a messy proposition later during an audit. - Information being updated in AD and not with HR or with HR and not in AD. This is hardly unique, but it is a problem in large companies. What might be a good compromise would be to give managers the level of access required. That would help to enforce all of the subordinate's information being entered uniformly, and it would come from an "official" source. On Thu, May 9, 2013 at 11:03 AM, Edward Ned Harvey (lopser) <[email protected]> wrote: > Coming into a company where AD properties (firstname, lastname, phone > number, etc) have been neglected ... > > > > Option 1 is to have HR contact all the people in the company, get correct > info into a spreadsheet, and then IT figure out how to script it from > spreadsheet into AD. > > > > Option 2, which I'd prefer, is to send out a mass email to the users of the > company, and have them enter their own corrected information. (Optionally, > with IT review, so Mickey Mouse can't change his name to Barrack Obama, and > stuff like that.) > > > > Admittedly, I'm posting this question prematurely. I haven't looked around > yet, which I'm going to start now. > > > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > -- ---------------------------- Regards, Michael Shulman [email protected] Never attribute to malice that which can be adequately explained by stupidity. _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/ _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
