About help desk creating AD accounts

cyberguyprcyberguypr Mod Posts: 6,928 Mod
in Off-Topic
[rant mode ON]

I am about to kill our help desk guy because every time he creates an account insists on just putting the user's title in the Description field under the General tab, completely ignoring the Organization tab. That means he copies profiles that end up with the wrong manager, wrong department and wrong title.

People want privileges but can't do such a stupid task. I spent a lot of time standardizing AD and want to keep it that way. Please tell me I'm not alone.

[rant mode OFF]

Edit: Forgot to add that when users depart he just disables the account and does not remove any security groups, DLs, etc. Days later people open ticket complaining that he still appears in DLs.
· Share on FacebookShare on Twitter

Comments

  • undomielundomiel Member Posts: 2,818
    You're not alone. Until I finally convinced the owner to let me yank domain admin rights they had just been cloning the admin account for every single new employee. Fortunately nothing bad had happened though there had been a few mishaps.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
    · Share on FacebookShare on Twitter
  • kriscamaro68kriscamaro68 Member Posts: 1,186 ■■■■■■■□□□
    What I am about to tell you is a true story and I am not exaggerating one bit.

    One of our helpdesk staff asked me to come over and help him with an issue. When I got to his desk I asked him to open a cmd prompt. He asked me how do you bring that up?

    Same guy again I asked him to setup some kiosk computers for me in the lobby area of the building. So after he plugs in the monitor and power cable which is bigtime for him he asks if the videos that are suppose to play are working right. I tell him no there is no sound. I then tell him plug in the speak cable. He asks "Where do I plug the cable into?" I said the green port on the back of the computer!

    A few minutes later on the same computer I said did you plug the network cable in? "Which port is that?" The one that looks like a big phone cable!

    A few minutes later the network isn't working so I ask if the cable is plugged into the switch above the computers. "No its plugged into a HUB." Thats not a hub its a switch!

    A few minutes later he asks "Is the sound working on all the computers now?" Yes but the sound is coming out of the wrong speakers meant for the other computer!

    Just the other day we needed him to update a bios on a laptop running bitlocker. I go over to him how is the update going? "It went fine but it wont take the bitlocker PIN and keeps prompting for a recovery key." Did you disable bit locker before upgrading? "NO"

    Be glad you don't have to deal with this! This is not me joking around either this all actually happend.
    · Share on FacebookShare on Twitter
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    I believe any organization of any size should have a access control department and they should handle all user account creations. This is not limited to, ERP, EHR, EMR, AD, ETC.

    No way would I allow my helpdesk to create user accounts.

    I am thinking at a mid to large sized company.

    When I was on the help desk years back I was tasked to build user accounts for our payroll system. My access changed that day and I was sat in a different area. Access control should be governed by security and consolidated into one entity. That one entity should attempt utilize the same process for all user access accounts.
    · Share on FacebookShare on Twitter
  • shodownshodown Member Posts: 2,271
    N2IT I've have only seen that at large org's like you mentioned.

    As for the other guys you say these guys are "help desk". I wouldn't complain one bit unless you have worked with them to tighten up there issues. Cyber you have standardized the process, but was training given so that even a 8th grader could understand? If you have done that its then there are some leadership problems that needs to be worked on. I don't complain about the lower level guys messing up until I have personally showed them 2 or 3 times and pointed them to documents. When I don't have documentation or haven't given training then its my problem I feel.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
    · Share on FacebookShare on Twitter
  • undomielundomiel Member Posts: 2,818
    My complaint is more about the incorrect or completely lacking processes at my company, not to mention very relaxed stance on security. I know full well the help desk guy is creating accounts that way because that is how he was shown to create the accounts by one of our admins. Now he has documentation on how to properly go about it and lacks the rights to do it improperly.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
    · Share on FacebookShare on Twitter
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    shodown wrote: »
    N2IT I've have only seen that at large org's like you mentioned.

    As for the other guys you say these guys are "help desk". I wouldn't complain one bit unless you have worked with them to tighten up there issues. Cyber you have standardized the process, but was training given so that even a 8th grader could understand? If you have done that its then there are some leadership problems that needs to be worked on. I don't complain about the lower level guys messing up until I have personally showed them 2 or 3 times and pointed them to documents. When I don't have documentation or haven't given training then its my problem I feel.

    This is not the first time this happens. I always bring it up nicely every time. I would say this is the 4th time. The problem is precisely what you mentioned. There's absolutely no documentation (currently working on this). When I started I came to an AD that only had the Description field populated and nothing else. No location, no manager, no dept, ZERO. I took it upon myself to populate all that data and keep it up to date.

    I want to believe adults are capable of learning from their mistakes but apparently that is not the case.
    · Share on FacebookShare on Twitter
  • EveryoneEveryone Member Posts: 1,661
    Unfortunately this is quite common. I've started at places to find that the Help Desk is NOT doing these types of tasks because they had screwed it up so much in the past. Instead, Systems Admins/Engineers are doing them, because they don't trust the Help Desk to do it.

    I am a firm believer that this is unacceptable, and have fought to give these tasks back to the Help Desk where they belong. Taking them away does not fix the problem. If people can't perform tasks at the level of the position they are in, then they do not belong in the position, it's as simple as that.

    I hold Help Desk supervisors/managers. accountable when their people fail to do simple tasks. It is THEIR job to fix the problem with their people, not mine.

    Sometimes you may have to find ways to help "idiot proof" these types of tasks, make it much harder for someone to screw up.
    www.fixtheexchange.com
    · Share on FacebookShare on Twitter
  • FloOzFloOz Member Posts: 1,614 ■■■■□□□□□□
    i feel your pain...there a person in our office that refuses to put new users into their proper department and even OFFICE!!!! Note that we have 20+ offices and our unmanaged hosts folder is overflowing
    · Share on FacebookShare on Twitter
  • XiaoTechXiaoTech Member Posts: 113 ■■■□□□□□□□
    kriscamaro68 wrote: »
    What I am about to tell you is a true story and I am not exaggerating one bit.

    One of our helpdesk staff asked me to come over and help him with an issue. When I got to his desk I asked him to open a cmd prompt. He asked me how do you bring that up?

    Same guy again I asked him to setup some kiosk computers for me in the lobby area of the building. So after he plugs in the monitor and power cable which is bigtime for him he asks if the videos that are suppose to play are working right. I tell him no there is no sound. I then tell him plug in the speak cable. He asks "Where do I plug the cable into?" I said the green port on the back of the computer!

    [snip]
    Be glad you don't have to deal with this! This is not me joking around either this all actually happend.

    I have to ask...what kind of credentials does someone like that have to work in help desk? If they have A+, they should be able to know the difference for everything you listed. Thats...just amazing. It took me six months to find a real, full time IT job while others are just at work collecting a paycheck. :/
    · Share on FacebookShare on Twitter
  • kriscamaro68kriscamaro68 Member Posts: 1,186 ■■■■■■■□□□
    XiaoTech wrote: »
    I have to ask...what kind of credentials does someone like that have to work in help desk? If they have A+, they should be able to know the difference for everything you listed. Thats...just amazing. It took me six months to find a real, full time IT job while others are just at work collecting a paycheck. :/

    Trust me it annoys me that he is still working here while there are a lot of other people out there looking for a break and cant get it because of people like him. The fact of the matter is I am not going to teach someone computer basics. I have already told my boss he is worthless and should go. As of right now he is thinking about getting rid of him. He has admin access to the computers because he needs it to do his job if you wanna call it that. Its not with is main accout though.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.