I came across a blog posting from a few years back at the Helping the Helpdesk blog and I thought it was worth reposting. Little has changed and we are still inundated with calls from school districts struggling to find a way to manage users accounts before the start of the new year. The approach described below follows Tools4ever's method for synchronizing student information systems such as PowerSchool, Infinite Campus, and Aeries with your Active Directory and other resources like Google Apps, Live@edu, Destiny and so on.  I hope you find the post helpful!

Summer Fun

The summer time means vacations, no school, hitting the beach, and all kinds of great fun. Unless of course, you are a system administrator for a school district. The summer then means you are squeezing in every major project that you can before school starts up again in August or September, depending on the region in which you reside. As such, the last thing you have time for is dealing with student active directory accounts.

Yet, you will have an influx of new students. And depending on your organizational unit structure, you may need to roll over these accounts into new OU’s based on graduation year or grade level. Maybe these grad year or grade level OU’s are within a higher level OU for each school in the district. Perhaps each grad year or grade level has a specific share somewhere, on which the user’s home directories must reside. These home directories need to move with the student throughout his or her career in the district.Then, of course, there are group memberships, which most likely created within the same design as the OU structure.

Manually provisioning all of this can take weeks. Scripting these tasks in visual basic is slow and tedious as well. With User Management Resource Administrator’s Automation module, you can streamline these tasks, and have them occur on a scheduled basis. Here is a high level overview of such a process:

• UMRA queries the SIS system, or csv export of student information
• This data is compared to AD
• New accounts are created based upon existence in the SIS system and not AD
• Updates to accounts occur based upon existence of the user in the SIS and AD
• Account disables are based upon either an inactive flag in the SIS, or the lack of the account existing in the SIS when it exists in AD

Processes for group and home directory provisioning can be based up a graduation year or grade level, even if this information is not necessarily provided (to be detailed in a coming post). Automation can be scheduled nightly, or more or less frequently as needed. All actions against AD accounts and their resources are logged for auditing and troubleshooting purposes. It can even generate email alerts for you.

You are now free to (not) enjoy your summer break doing other tasks.

You’re welcome. ;)

For more information, please visit Tools4ever