[unisog] Soft Tools for Managing AD Accounts: PeopleSoftIntegration?

Stuenkel, MaryBeth maryb at umich.edu
Wed Sep 5 20:36:51 GMT 2007 

You can look at
http://www.umich.edu/~lannos/windows/central-accounts.html for how we
are currently handling this problem.  It's a semi-automated process,
where a human needs to initiate the request and then the work is done in
AD programmatically.  

We are in the process of deploying a new enterprise directory on campus
and hopefully this will allow us to leverage institutional data further,
reducing the human element.

--MaryBeth Stuenkel
  IT Central Services
  University of Michigan

> -----Original Message-----
> From: unisog-bounces at lists.dshield.org [mailto:unisog-
> bounces at lists.dshield.org] On Behalf Of Martin Manjak
> Sent: Wednesday, September 05, 2007 4:26 PM
> To: UNIversity Security Operations Group
> Cc: Brian Heaton
> Subject: [unisog] Soft Tools for Managing AD Accounts:
> PeopleSoftIntegration?
> 
> Our campus is laboring under the effort to manage employee AD
accounts.
> PeopleSoft is our HR system of record and the problems arise as staff
> are hired, depart, or move from one OU to another. Currently, AD
> account
> management is largely a manual process as departmental liaisons submit
> requests for new accounts or terminations that have to be correlated
> with the employee's status in HR.
> 
> A desired state would enable departmental staff, who already have the
> authority to authorize accounts, to manage this activity directly
(with
> the appropriate verifications against the HR records).
> 
> James A. McCloskey provided an excellent example of access management
> and reporting to the list early in August. I was wondering if anyone
> was
> facing similar challenges on the account creation and termination
side.
> 
> We are considering developing web based applications that integrate
> with
> AD, but a better solution would leverage the existing PeopleSoft web
> portal and permissions structure. Is there PS AD module?
> 
> At any rate, I'd be very interested to hear how other folks are
> handling
> AD accounts management.
> 
> Martin Manjak
> CISSP, GIAC GSEC-G, GCIH
> Information Security Officer
> University at Albany
> MSC 209   437-3813
> "Information security controls should be considered at the systems and
> projects requirements specification and design stage."
> ISO/IEC 17799 Code of Practice for Information Security Management
> 
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

More information about the unisog mailing list