I needed to set up a test AD with realistic looking test users. This script by Alex Tcherniakhovski was the type of thing I wanted as it starts with lists of OUs, first names and last names and then creates accounts across all OUs listed, and using a random selection of names.
However Alex’s script uses [...]
My general negativity about FIM codeless sync aka “declarative provisioning” aka “Synchronization Rule Provisioning” is, I think, reasonably well-known by now. While Markus wrote an excellent document about importing AD groups into the FIM Portal using the codeless rules, I think there are still plenty of reasons to go old skool, and here’s how you’d [...]
I was asked to have a look at a strange DFS problem today – and eventually tracked down the cause to the Windows 7 Offline Files feature.
Here is a script I wrote to do a simple GAL synchronization between two Exchange organizations. The script finds the mail-enabled users in one domain, and creates contacts for them in the other domain. Existing contacts will also be updated and deleted as needed.
I last blogged about provisioning home directories such a long time ago that I talked about Netware. I also used a SQL table alongside to keep track of a status field as I was doing some end-of-life management – zipping up the folder and stowing it in an archive location.
But we don’t need to be [...]
Here’s an unpleasant little fact you only find out if you need to: while you could rename a domain that hosted Exchange 2003, this functionality has been removed with Exchange 2007.
Hmm. So what if you need to? Well a customer is insisting that it must be done, so I’ve had to do some investigations.
The AD management agent uses an account to connect to AD and, more often than not, this account is a member of Domain Admins. However in some organisations this is not acceptable. So what rights does it actually need?
This is a repost of an article which was originally about multivalue attributes in general, but with a focus on group members. I realised I had made some generalisations about multivalue attributes which actually specifically apply only to attributes like member, which contain reference DN values. So I am now re-releasing the post, with a [...]
I’ve already posted about the configuration options that are common to all MAs, so this post is about the options specific to the Active Directory MA, though much of it will also apply to the other LDAP-types – Sun and Netscape, Netware, ADAM, IBM Directory Server and openLDAP.
You don’t always have access to a proper IdM system. At the moment I’m at an organisation which still uses the old, manual ways of updating AD. I was asked if I knew an easy way to update the mobile phone numbers of a list of users, the data having been sent to Helpdesk in [...]
