[unisog] Soft Tools for Managing AD Accounts: PeopleSoft Integration?

[Martin Manjak]

Our campus is laboring under the effort to manage employee AD accounts.
PeopleSoft is our HR system of record and the problems arise as staff
are hired, depart, or move from one OU to another. Currently, AD account
management is largely a manual process as departmental liaisons submit
requests for new accounts or terminations that have to be correlated
with the employee's status in HR.

A desired state would enable departmental staff, who already have the
authority to authorize accounts, to manage this activity directly (with
the appropriate verifications against the HR records).

James A. McCloskey provided an excellent example of access management
and reporting to the list early in August. I was wondering if anyone was
facing similar challenges on the account creation and termination side. 

We are considering developing web based applications that integrate with
AD, but a better solution would leverage the existing PeopleSoft web
portal and permissions structure. Is there PS AD module? 

At any rate, I'd be very interested to hear how other folks are handling
AD accounts management.

Martin Manjak
CISSP, GIAC GSEC-G, GCIH
Information Security Officer
University at Albany
MSC 209   437-3813 
"Information security controls should be considered at the systems and
projects requirements specification and design stage."
ISO/IEC 17799 Code of Practice for Information Security Management