Options
Active Directory fields and information require updating
TheFORCE
Member Posts: 2,297 ■■■■■■■■□□
This thread isn't directly relevant to certifications but this is the only place I think could answer my question.
I am having a lot of issues on my current AD environment with the user information not being maintained properly. The helpdesk is understaffed and only update few fields but this lack of thorough updating makes my job extremely difficult and time consuming when I'm doing my invesigations and reviews.
Long story short, when a user has a name change the Helpdesk is only updating the user's Last Name, Display name and call it a day. This however creates issues on my side. I need the Helpdesk to update ALL required information! Exchange accounts, email addresses, network account info and any other info that require updating. Because I only have read-only access to AD and no access to Exchange I can't identify all the required fields so I can create a guide for them with a step by step process of what info needs to be updated. Plus my AD knowledge is not at the expert level currently.
Can someone provide a link to any resources or if from experience you know which fields need to be updated or if you have a guide I can use?
It is frustrating to see a user Jean Doe with an email address and network account of JeanSmith. I have to do a lot of correlations in order to say Jean Doe is Jean Smith. This has been going on for years in this AD environment and I need to fix it.
Thanks!
I am having a lot of issues on my current AD environment with the user information not being maintained properly. The helpdesk is understaffed and only update few fields but this lack of thorough updating makes my job extremely difficult and time consuming when I'm doing my invesigations and reviews.
Long story short, when a user has a name change the Helpdesk is only updating the user's Last Name, Display name and call it a day. This however creates issues on my side. I need the Helpdesk to update ALL required information! Exchange accounts, email addresses, network account info and any other info that require updating. Because I only have read-only access to AD and no access to Exchange I can't identify all the required fields so I can create a guide for them with a step by step process of what info needs to be updated. Plus my AD knowledge is not at the expert level currently.
Can someone provide a link to any resources or if from experience you know which fields need to be updated or if you have a guide I can use?
It is frustrating to see a user Jean Doe with an email address and network account of JeanSmith. I have to do a lot of correlations in order to say Jean Doe is Jean Smith. This has been going on for years in this AD environment and I need to fix it.
Thanks!
Comments
-
Options
636-555-3226
Member Posts: 975 ■■■■■□□□□□
You need an Identity & Access Management dept (or at least a guy with the role). Time to start filling out some negative surveys from the ticketing system!
Things we keep updated here in our IAM division
First name
Last Name
Display Name
Name (most places like this to mirror Display name but is technically a separate AD attribute, also some apps require this to be identical to Display name)
Description (usually just Job Title)
Office
Telephone number
E-mail
Country (if global)
Street, City, State, Zip optional if you have any actual use for it (we segregate offices by OU so don't use these much)
Job Title (usually same as description)
Department
Company (usually just our company name unless a 3rd-party contractor, vendor, implementer, etc)
Manager Name
Not sure if it helps any. Feel free to shoot back some questions. Some HR systems can automatically update AD attributes, too. -
OptionsTheFORCE
Member Posts: 2,297 ■■■■■■■■□□
Thanks for the feedback 636. We are already trying to do that but it will be easier if I start doing some preliminary fixes so when the system is up and running we don't have to update much. Trying to be proactive here, that's why I wanted to get the information in advance.
-
OptionsTheFORCE
Member Posts: 2,297 ■■■■■■■■□□
Did some further research and was able to find the information! This will be sweet!
-
Options
alan2308
Member Posts: 1,854 ■■■■■■■■□□
First, good written procedures. Second, training. Third, holding people accountable when the procedures aren't followed.
Yes, documentation and training take time. Cleaning up the mess after the fact takes time over and over again. Helpdesks are always understaffed and overworked. This is what happens when they're working from memory and possibly just don't know any better. -
Options
NetworkNewb
Member Posts: 3,298 ■■■■■■■■■□
This page came in handy when I was creating the procedure at my current position:
https://community.spiceworks.com/how_to/96297-changing-active-directory-and-exchange-username-after-marriage-or-mistake -
OptionsTheFORCE
Member Posts: 2,297 ■■■■■■■■□□
Thanks man. The link is even more detailed than the one i found. I'll probably use this.
Alan, this is what I'm trying to do. Make the Helpdesk accountable for their actions. They want to close huge amount of tickets but by doing that they do things half way. So I'm going to write a policy and a procedure for them to follow.
