ESSOM – Enterprise Single Sign On Manager SSO

6:53 PM / Comments (0) / by Tech Admin

Have Questions? Email Me: Email Me Click Here

Tools4Ever’s Product Downloads Below.
Download User Management Resource Administrator > Download
Download Self Service Password Reset Manager SSRPM > Download
Download Enterprise Single Sign On Manager > Download

If you want to learn the basics on how to connect to UMRA with its COM object, please see my original post on “Basics of UMRA COM”.

Now I know that most of my blogs focus on UMRA and its COM object; however, a few months back Tools4Ever released Enterprise Single Sign On Manager, ESSOM for short. What is this application, and what does it do, you ask? Well, I know most of you are familiar in one way or another with the term Single Sign On. Single Sign On gives you an automatic sign-in process for web-based applications, Windows applications, etc. Take this example: when you come into work for the day, you might have to log into a few applications like GoldMine, an Access database, Outlook Web Access, or other internal or external applications, web based or not. With ESSOM you sign in once, and every time you go to that application from then on, ESSOM will automatically take the username / password you used for the previous login and log you in. No more forgetting passwords, or taking five to ten minutes each day to log into your other applications.

Not only is the above example really handy, but ESSOM is a complete Single Sign On solution. With most Single Sign On (SSO) applications, you are bound to the applications they can connect to, and you have no control over some of the applications you want to assign out, or even over who can use SSO. ESSOM takes away the locks and the hassle of having to contact your SSO provider each time a new version of software comes out. With ESSOM you are able to make your own SSO solution for the different applications that are out there. Again, it can be a web-based application, a Windows application, etc. ESSOM comes with delegation control, so you have full control over what applications are available for enrollment, and who they are enrolled to. You have full control over how the application functionality works; you can create custom login boxes, controls, messages, etc. So as you can see, ESSOM is a complete Single Sign On solution.

I hope this gives some of you out there an idea of what ESSOM is. So if you haven’t already, download the trial version with the link at the top of the page.

Blog Update July 28th 2009

Since Single Sign On enterprise solutions are really coming into their own nowadays, I will elaborate on this topic a bit more. As you've seen above, Tools4Ever's ESSOM product is very versatile in its core application; however, there are a ton of built-in features, and templates for different applications are built right in, so you can get your Single Sign On running faster than ever. Templates, you ask? Yes... out of the box, 10+ already configured applications are ready for use; all you have to do is assign them to your users, and you're off. This whole process should only take around 10-15 minutes, so as you can see, not a whole ton of adjusting is needed. You can, however, go back and edit these applications: you can edit how they work, what the prompts say, etc. Keep this in mind: you can edit any of these prebuilt templates to your liking, or revamp them completely. So as a new application version comes out, you can use the previous version's template as a road map to your new version; very few actions, maybe only one or two, will need to be changed.

Now there are features that I thought some of you might find very handy and very useful. Well, there are two, so let's talk about the first handy feature of ESSOM. One feature is the ability to use one username / password to sign into an application automatically. Let me get into this a bit deeper. Say you have an application called "PayRole", and you have two username / password pairs for this application. One of the usernames is used for "general" employees, and the other is for "admins". You can now assign a Single Sign On solution to a user, and when they open this "PayRole" application, they won't even see the username / password that you already assigned to the user for enrollment. To the end user it's seamless, and they think they sign right into the application. The second handy feature of ESSOM is the ability to allow users to assign other users their login credentials, without giving them the username / password of the account. You, as an admin of ESSOM, have the ability to say which applications this can be done with, and who can do it. So for example, say a manager was leaving on vacation for a week and was letting someone take over his duties, but this other user needed different usernames / passwords for these other applications so that they would give them the options etc. based on their role. Typically the manager would have to give the delegated person his usernames and passwords. Not anymore with ESSOM. You can allow users to delegate these out for a specific period of time, and when the user signs into the assigned application it will use the delegated credentials to log in, with no need to pass along passwords and usernames.

So I hope this gives some of you out there a better idea of what the Tools4Ever ESSOM application does on a more detailed level. However, I have yet to really touch on all the core functions of this application, so keep an eye out for new updates on this blog.

UMRA – Web Based Portal Active Directory Management

5:59 PM / Comments (0) / by Tech Admin

In most of my blogs I talk about a lot of the specific features a UMRA-based web portal can offer, and I don’t really talk about this at a high level. I know some of you might be asking what the limitations are of building a web portal while using UMRA as your back-end logic tool. Really, there are only a few limitations of UMRA or the portal. Your only limitation would be your connection to your other applications, or locked features. Let me explain. For example, say you wanted a user to search for a user, then have the ability to edit that user's Active Directory attributes, then edit their information in a downstream system like an AS400. If your AS400 doesn’t allow any type of connection to it for updates etc., then you won’t be able to add this functionality to your UMRA portal. Now, keep in mind that if I say won't/can't, this doesn’t mean you can’t do it. Most of the time, if you look around on the internet, you will find a lot of different resources on how you can accomplish your Active Directory integration. So here is a quick list of some of the cool things you can do with a UMRA portal that you delegate out to other users.

> Active Directory AS400 Sync
> Group Management
> File and Permission Management
> User Management
> View GPO’s On OU (Organizational Units) Yes with the web
> Active Directory Reporting and Auditing
> HR Management
> Student Information System SIS Management
> Summer School Student Management

These are just a few of the integration options that I’ve done for our clients. As you can see, these all vary, and the GUI interfaces range from simplistic designs, to web 2.0 designs, to integration into your own intranet site. So I hope this blog gives some of you out there an idea of what a UMRA portal can consist of. Overall, your functions and work flows are endless, since you have the power of UMRA at your fingertips, as well as web controls.

UMRA – Student Account Approval Work Flow System

7:50 PM / Comments (0) / by Tech Admin

In most of my blogs I talk about how you can create custom UMRA-driven web portals that create users, create groups, etc. However, in most cases you may want to put the creation of a student account, or any type of account, into a work flow process to ensure other departments approve of the request, or take action on the account, prior to it going live in Active Directory. In this case, UMRA is perfect for processing all the different work flow steps. How does it do this, you might be asking? Well, UMRA has the ability to connect to databases, pass data from database to database, and create Active Directory objects, so with this in mind, it can handle the complete work flow you may want to process on a user creation. Again, keep in mind that UMRA has the ability to create users from a CSV, database, etc., but here we are just focusing on the case where we see a new user account in a Student Information System (SIS) database, CSV, etc. and fire that user account off into a work flow process. Ok, so below is a quick overview of one of the previous user account creation work flow processes I’ve developed.

Step 1
Get connected to your datasource with UMRA. This datasource can be a CSV, a database, etc. This is the source your UMRA Automation project will loop through hourly, daily, etc. to look for new records that need to be in Active Directory.

Step 2
If your UMRA Automation project finds a record in your datasource that needs to be in Active Directory, instead of creating it in Active Directory, you can add this record to another database of pending tickets. These tickets can hold when they were created, plus multiple approve columns for the different departments or check points you want to have verified before the ticket moves on in the work flow process. Don’t forget that when your process runs again, you need to make sure you don’t already have a previous ticket for the new account in the system.

Step 3
As your users are emailed about their approval in the work flow process, you can have links to a UMRA driven web portal where these users can accept / deny these tickets.

Step 4
Once all your tickets have gone through the work flow process, you can do a number of things. Once all the tickets have been approved, you can either create the account in Active Directory, or have the request go into another IT or admin ticket system for final approval.
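The ticket logic from steps 2 to 4, as an added example that is not from the original post and is not UMRA code: Python's sqlite3 stands in for the pending-ticket database, and the table, column, checkpoint and user names are assumptions. It shows the duplicate-ticket guard, an approver check based on the portal's authenticated user, and account creation only after every checkpoint has approved.

```python
import sqlite3

# Hypothetical checkpoints and the portal users allowed to decide each one.
APPROVERS = {
    "registrar": {"r.jones"},
    "it_security": {"s.patel"},
}

SCHEMA = """
CREATE TABLE tickets (
    student_id  TEXT PRIMARY KEY,   -- one ticket per source record (duplicate guard)
    created_at  TEXT NOT NULL,
    registrar   TEXT NOT NULL DEFAULT 'pending',
    it_security TEXT NOT NULL DEFAULT 'pending',
    provisioned INTEGER NOT NULL DEFAULT 0
)
"""


def open_ticket_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def queue_new_records(db, source_ids, existing_accounts, now):
    """Step 2: open a ticket for each source record with no account and no ticket yet."""
    queued = []
    for student_id in source_ids:
        if student_id in existing_accounts:
            continue
        cur = db.execute(
            "INSERT OR IGNORE INTO tickets (student_id, created_at) VALUES (?, ?)",
            (student_id, now),
        )
        if cur.rowcount == 1:  # 0 means an earlier run already ticketed this record
            queued.append(student_id)
    db.commit()
    return queued


def record_decision(db, student_id, checkpoint, portal_user, decision):
    """Step 3: store a decision made through the portal link.

    portal_user is the identity the portal authenticated, not a value taken
    from the emailed link, so a forwarded link cannot approve on its own.
    """
    if portal_user not in APPROVERS.get(checkpoint, ()):
        raise PermissionError(f"{portal_user} may not decide {checkpoint!r}")
    if decision not in ("approved", "denied"):
        raise ValueError("decision must be 'approved' or 'denied'")
    # checkpoint was matched against APPROVERS above, so it is a known column name.
    cur = db.execute(
        f"UPDATE tickets SET {checkpoint} = ? "
        f"WHERE student_id = ? AND {checkpoint} = 'pending' AND provisioned = 0",
        (decision, student_id),
    )
    db.commit()
    return cur.rowcount == 1  # False: no such ticket, or already decided


def provision_approved(db, create_account):
    """Step 4: create accounts only for tickets approved at every checkpoint."""
    all_approved = " AND ".join(f"{c} = 'approved'" for c in APPROVERS)
    rows = db.execute(
        f"SELECT student_id FROM tickets WHERE provisioned = 0 AND {all_approved} "
        "ORDER BY student_id"
    ).fetchall()
    created = []
    for (student_id,) in rows:
        create_account(student_id)  # stand-in for the real account creation
        db.execute("UPDATE tickets SET provisioned = 1 WHERE student_id = ?", (student_id,))
        created.append(student_id)
    db.commit()
    return created


if __name__ == "__main__":
    db, accounts = open_ticket_db(), {"1001"}  # constructed sample data
    print(queue_new_records(db, ["1001", "1002"], accounts, "2009-07-01T02:00"))
    record_decision(db, "1002", "registrar", "r.jones", "approved")
    record_decision(db, "1002", "it_security", "s.patel", "approved")
    print(provision_approved(db, accounts.add))
```

A denied ticket stays in the table, so the next scheduled run does not queue the same record again.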

So I hope this helps some of you out there who might be thinking about going to this type of approach, if you have any questions please feel free to email.

UMRA – SIS Student Information System Import Active Directory

7:50 PM / Comments (0) / by Tech Admin

If you haven’t already, please read my first post on where and how to download a trial version of User Management Resource Administrator, developed by tools4ever. UMRA

Download Trial Version of UMRA > http://www.tools4ever.com/download/
Download Trial Version of SSRPM > http://www.tools4ever.com/download/

PowerSchool Student Information System SIS To Active Directory
http://activedirectoryadmin.blogspot.com/2009/07/umra-powercampus-erp-active-directory.html

Destiny Student Information System SIS To Active Directory
http://activedirectoryadmin.blogspot.com/2009/07/umra-destiny-sis-active-directory.html

Zangle Student Information System SIS To Active Directory
http://activedirectoryadmin.blogspot.com/2009/07/umra-zangle-sis-active-directory.html

Aeries Student Information System SIS To Active Directory
http://activedirectoryadmin.blogspot.com/2009/07/umra-aeries-sis-active-directory.html

This blog is going to be a little different from my previous blogs, which mainly focus on UMRA and its COM object methods. Creating web portals with UMRA is quite popular; however, there is a completely different side to UMRA that a lot of our clients are utilizing. UMRA has the ability to sync your current Student Information System (SIS) to Active Directory. You might be thinking this is quite a huge task; however, with UMRA it becomes possible to put this task on an automated schedule. Depending on which SIS you have (PowerSchool, Destiny, Zangle, Aeries, etc.), you can create your UMRA Automation sync to mimic the same logic you follow now on a daily, weekly, or monthly basis when you manage your student or staff Active Directory accounts. For this blog I will just focus on the student accounts; to UMRA an Active Directory account is the same, so it being a student account or a staff account won’t matter, but your script logic would change. UMRA can either connect directly to your SIS database or take a CSV dump of your SIS data and use that as your sync data. Below is a quick overview of some of the things you can do when you’re creating a new UMRA SIS sync to Active Directory.

If you want more details on a student information sync to active directory on different systems, visit some of the links at the top of the page. These cover most SIS systems, however, if there is one you don’t see, please feel free to email me.

Student SIS Account Creation.
UMRA has the ability to check your SIS and make sure that students who need an account in Active Directory have one. Upon creation of a user, you can create them in the correct OU based on your SIS information, ensure your usernames are either student IDs or some other type of unique identifier, set temporary passwords, or flag the account to change its password upon the next successful login.

Exchange 2000 2003 2007 Email Creation
UMRA also has the ability to create a mailbox for a student at the same time as the student account is being created. UMRA can create the student mailbox on specific mailstores depending on your SIS data. Email doesn't need to mean just Microsoft Exchange; you can also provision accounts on Google and Hotmail using either the UMRA Command Line Interface (CLI) or PowerShell script integration.

Now this is just a quick overview of some of the things that UMRA can do when syncing your SIS with Active Directory. Keep in mind that once your UMRA script is completed, you can put it on a scheduler and have it run at your chosen interval, so as your SIS data changes, those changes will in turn be reflected in Active Directory. I hope this helps some of you out there if you are taking an approach like this. Again, these are just some of the features; UMRA has way more than what is posted. If you want to read more on these topics, don’t forget to visit my other blog http://www.activedirectoryadmin.blogspot.com/

UMRA – Active Directory Export to XML SOA

7:25 PM / Comments (0) / by Tech Admin

This blog will be a little different than my previous blogs; it will focus on how most applications today are moving towards Service Oriented Architecture (SOA). What is this, you might be asking? I bet in some way, shape or form one of your current business applications is using this type of framework for data processing. So how do you use UMRA and SOA? UMRA not only has the ability to create any Active Directory object, it also has the ability to run reports and audits on Active Directory in real time. For example, if you wanted to get all users in your Active Directory and at the same time get firstname, lastname, displayname, active/disabled status, locked status, and even when their password will expire, you can do this with UMRA. It’s a widely overlooked aspect of UMRA, since in most cases our UMRA scripts create objects and compare objects in Active Directory but do not write this data to a file. Since UMRA is a very quick and lightweight application, getting this data is very fast, and in most cases two times as fast as running a VBScript or Perl script to obtain this information. Once you have the information you want, UMRA has a function called “Export Variables”. This function will export your current variables to a text file; this text file can be a .csv, .txt, .xml, etc., so the possibilities are endless. Once you have your XML file, or other data type, you can use this data to process through your other SOA-based application. For example, we had a client with a library system that would grab an XML file placed in a certain folder; every hour it would look at the file, take any username, lastname, firstname, etc. formatted in XML, and insert those records into the library system. So when our normal UMRA PowerSchool Student Automation synced new students into Active Directory, we were able to catch new students on a nightly basis and write this information to this XML file.
So in turn, we were able to provision accounts into two different systems during our UMRA PowerSchool Student Automation. I hope this helps some of you out there who may be thinking about creating your own Active Directory audits with UMRA.

So I decided to update this blog post with some more in-depth information on how to export your data to XML with UMRA, the benefits of this, and also tips on how you can do this export. I hope after reading the top portion of this blog you get an idea of what SOA is all about. Plus, as you've most likely read on other websites and in software documentation, many are moving towards this SOA schema, not only for import but for export of their data, to allow easier integration of applications. In the previous paragraph I talked about applications that you can pass your XML to, but here I will talk about how to use the XML data you extract with UMRA and kick out to applications for reporting purposes. Yes, in some cases you may want to get reports on all Active Directory users' last login dates, or on Active Directory users whose passwords never expire. Whatever the report is, either do your calculations in UMRA or do your calculations in your webpage code. Once you've exported the data you need to your XML file, you can use a custom Flash-based charting graph to read in your XML data and display it on your screen. If you don't have anyone who can create a custom Flash-based chart, take a look online; there are a few good charting applications that can integrate easily into your UMRA applications. Now keep in mind that you don't need to display these XML data files on some type of visual Flash chart; you can just as easily display this data as pure text. In this event you can simply do calculations on your webpage to get users or data that meet your criteria, total it, and then display it back on the webpage. To go even simpler, you can just have a page that pulls the XML file up directly; however, these files might be a tad hard to read depending on how much data you are pulling back, so this method is not preferred. So with that said, let's talk about some ways to speed up your XML data dumps from UMRA.
One of the main tricks is to do as much processing as you can within UMRA. This will eliminate a lot of unnecessary opening and closing of connections to UMRA. Another tip is to make sure your Flash chart will partially load your XML data before the complete set of data is ready. So for example, if you want to get a list of all users and some of their attributes from Active Directory, and you're doing this on 10k-plus students, have your charting graph display maybe the first 200 or so records, and when the "scrolling" is activated, get the latest record in the XML file. So I hope this helps some of you out there with any problems you might be having if you are trying this approach. As you can see, there are tons of applications you can use your XML for, or you can use it for custom audits and reporting.

UMRA – User Active Directory Kiosk Self Service

12:20 PM / Comments (0) / by Tech Admin

A recent request that’s come up for one of our clients is to build a way for their employees to manage their Active Directory information, such as address, phone numbers, email address, etc. However, during this process they needed a way to ensure that the user who is going to use a self-service portal, or kiosk machine, is who they say they are. This is quite a demanding task; however, with UMRA it becomes easy. I am able to use UMRA as my back-end logic tool that does all the processing and updating of information in Active Directory. I took this project a step further and wanted to log all the actions that a user took when updating their information in Active Directory. So I logged into an MSSQL database (you can use MSSQL, MySQL, Access, Oracle, really any ODBC-compliant database, even a text file if you wanted) who the user is, the date and time, what they updated, the old value of the attribute, and the new value of the attribute. Now an admin can look back at any one point in time and get a complete user audit when needed. Ok, so some of you might be asking why you would allow your users to update their information in Active Directory. Simple… now the employee is responsible for their Active Directory attributes. What can be updated, you might be asking? You can allow the users to edit really any part of their Active Directory account from a UMRA PHP ASP .NET etc. webpage; it’s up to you what you feel they should be able to edit. In most cases, we see our clients request that the end user be able to edit first name, last name, middle name, display name, description, office, phone number, email, and other Active Directory attributes. Of course when creating a UMRA portal to manage this, the limits are endless; you can have specific drop-down boxes for different OUs, data validation, etc.

Now one of the main things to keep in mind here is the security of this UMRA self-service portal. In most cases I will use Windows Integrated Authentication to figure out which user is logged into the computer. Then, when the user goes to your UMRA portal, UMRA in the background will take the logged-in user, grab their information and display it on the screen. If UMRA cannot find the user, you can redirect them to a different page, and then have UMRA email IT or someone else to notify them that there was an error when trying to get a user's information. Below is a quick screen shot of a module you can make and integrate into your intranet site, or make into a stand-alone kiosk self-service machine.
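The update path described in the two paragraphs above, as an added example that is not from the original post and is not UMRA code: a dict stands in for Active Directory, sqlite3 for the audit database, and the attribute allowlist, length limit and function names are assumptions. The record to edit is chosen from the authenticated user name only, every field is checked against the allowlist before anything is written, and each change is logged with its old and new value.

```python
import sqlite3

# Attributes the portal lets users edit (LDAP names for the fields the post
# lists; the exact set is an assumption).
EDITABLE = frozenset({
    "givenName", "middleName", "sn", "displayName", "description",
    "physicalDeliveryOfficeName", "telephoneNumber", "mail",
})
MAX_LEN = 128  # assumed length limit for any single value


def open_audit_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE audit (changed_at TEXT NOT NULL, actor TEXT NOT NULL, "
        "attribute TEXT NOT NULL, old_value TEXT, new_value TEXT)"
    )
    return db


def validate(changes):
    """Reject the whole request if any field is not editable or is malformed."""
    for attribute, value in changes.items():
        if attribute not in EDITABLE:
            raise PermissionError(f"{attribute} is not user-editable")
        if not isinstance(value, str) or len(value) > MAX_LEN:
            raise ValueError(f"{attribute}: bad type or length")
        if any(ord(ch) < 32 for ch in value):
            raise ValueError(f"{attribute}: control characters not allowed")


def self_service_update(directory, db, authenticated_user, changes, now):
    """Apply a user's edits to their own record and audit each change.

    authenticated_user is the name established by the web server's integrated
    authentication; it is never read from a form field or query string, so a
    request cannot name someone else's account.
    """
    record = directory.get(authenticated_user)
    if record is None:
        raise LookupError("user not found")  # caller redirects and notifies IT
    validate(changes)  # all-or-nothing: nothing is written if one field fails
    changed = []
    for attribute, new_value in changes.items():
        old_value = record.get(attribute)
        if old_value == new_value:
            continue  # unchanged fields are not logged
        db.execute(
            "INSERT INTO audit VALUES (?, ?, ?, ?, ?)",
            (now, authenticated_user, attribute, old_value, new_value),
        )
        record[attribute] = new_value
        changed.append(attribute)
    db.commit()
    return changed


def audit_trail(db, actor):
    """Everything one user changed, oldest first."""
    return db.execute(
        "SELECT changed_at, attribute, old_value, new_value FROM audit "
        "WHERE actor = ? ORDER BY rowid",
        (actor,),
    ).fetchall()


if __name__ == "__main__":
    # Constructed sample record.
    directory = {"jdoe": {"telephoneNumber": "555-0100"}}
    db = open_audit_db()
    self_service_update(directory, db, "jdoe",
                        {"telephoneNumber": "555-0199"}, "2009-07-28T09:00:00")
    print(audit_trail(db, "jdoe"))
```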

UMRA – Reset Active Directory Password From Web

7:44 PM / Comments (0) / by Tech Admin

In most schools and businesses, users who forget their passwords and need to call the help desk to get them changed are a daily occurrence. In most cases the user might have multiple logins for different applications, so changing these other applications' passwords might take emailing different departments, or emailing different vendors, to get them changed. As you know, this is very time consuming and there is a lot of overhead in trying to reset all these passwords, so is there a way to combine all these password reset requests into one work flow? Yes, with UMRA you can. Keep in mind that there are limitations in this process: maybe your application does not have an API, COM or another method to connect to it, in which case you might be out of luck; however, most enterprise software gives you a way to connect to these systems. So how do I reset these passwords, you ask? Easy: UMRA has the ability to connect to MSSQL, MySQL, Oracle, Access… really any ODBC-compliant database. UMRA also has the ability to use Microsoft Windows PowerShell, but wait; you can also create your own Microsoft Windows PowerShell actions and import them into UMRA. So with UMRA you are not limited to the functions that are built in; you can make your own custom password reset functions.

Ok, so let’s get down to it. I will go over at a high level how you would go about creating a script that can reset the Active Directory password and the passwords in other downstream systems at the same time. Before you start this process, though, you should read some documentation on what your downstream systems support, and see if they have the ability to call an API or COM etc. to reset a password.

Step 1
Create a UMRA project that will take a parameter such as username, account ID, etc. This project needs to be able to pass the correct identifier to Active Directory and to your downstream applications. For example, if the users in your other application are marked with a special ID, you will need to link those IDs up to the accounts in Active Directory. In most cases, if you’re lucky, the accountname in Active Directory will be the same as the ID for the user in the downstream system.

Step 2
Now that you have a link between the user in Active Directory and your other application, the first step should be to change the password in AD, then in your other application. Changing the password for your user in Active Directory is the simple part; changing your application's password is really where this will vary. Depending on your app, you will need to call a command line function in UMRA for an AS400 system, maybe call a VBScript, etc.

Step 3
Now that you have your UMRA project built, you can build a simple ASP PHP .NET etc. webpage to search for users, with a hyperlink that calls the UMRA COM object to fire off your project. (If you need help with this, see my other blog posts.)

So there you go: as you can see, some very simple steps on how to change passwords in Active Directory and other systems. This is a great way to keep all user passwords in sync.

Blog Update July 26th 2009

So you might notice on a few of your favorite blogs that I am updating them with some new and fresh content. Why, you ask? I am trying to give more detail on how to do these tasks, and to expand on the high-level overview I typically give in my blogs. I've also noticed over the last month or so that this topic has been getting quite a few hits, so I figured I would update it some. So let's dig a little deeper into some of the tips on how to do this from the web, and some of the tricks in linking all this up.

UMRA – Reset Active Directory Passwords

Now some of you might be wondering how UMRA actually changes the user account in Active Directory. UMRA runs its service under an Active Directory account that has domain admin rights. So if you were to reset a user's password to one that did not meet your Active Directory's password complexity, it would throw back an error. Just like we mentioned above, when I do my UMRA Portal password resets I always have an "errorflag" variable set. It starts off at the value "0", and if any part of my script throws an error, I have it GOTO the error portion of my script, which in turn sets the "errorflag" variable to the value "1". In your UMRA PHP ASP .NET webpage etc. you just check the return variable errorflag: if it's equal to 0, you know there was no error in the script and the user's password was changed; if it's set to 1, something was wrong with the script. You pass this script 2 parameters: one is the samaccountname of the user you want to change, and the other is the password. You know you will find the user in Active Directory, unless someone just deleted the user, so the error must be on the password change. So if the user enters something that does not meet your Active Directory's password complexity, it will throw an error trying to set the password. You can get even fancier if you like: if you want to throw an error just in case it's a username error, you can have your script drop down to a different part of the script and change the "errorflag" value to "2" instead of "1". Then in your UMRA PHP ASP .NET webpage etc. you would see what the number is equal to; if it's 2, you know there was an error, and you will be kicking back a response like "Could not connect to user" or something like that.

As I've talked about in the top part of this blog, not only can you change passwords in Active Directory, but you can also change passwords in other systems if you have the right permissions. Permissions? Yes: if your other application, such as an AS400, allows remote passwords to be sent to it for changing, then you can; but if you have firewall blocks, software blocks, etc., you might run into a little trouble changing these passwords. You can follow the same logic as I gave above to integrate some really nice error handling. Then on your webpage, you can tell whether you changed your user's Active Directory password successfully, and then make sure you changed your user's AS400 password successfully. If both were successful, you have just synced both passwords up in two different systems.
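The webpage-side check described above, as an added example that is not from the original post and does not use the UMRA COM API: `reset_ad` and `reset_as400` are hypothetical callables standing in for the two UMRA projects, each returning the errorflag value, and the message texts are assumptions. It treats any unrecognised or missing flag as a failure and reports the case where Active Directory changed but the AS400 did not.

```python
# errorflag values from the post: "0" success, "1" password rejected,
# "2" user not found. Message wording below is an assumption.
AD_MESSAGES = {
    1: "The new password does not meet the domain's complexity rules.",
    2: "Could not connect to user.",
}
GENERIC_FAILURE = "Password reset failed; contact the help desk."


def parse_errorflag(raw):
    """Return 0, 1 or 2; anything else (empty, missing, garbage) becomes -1."""
    try:
        flag = int(str(raw).strip())
    except ValueError:
        return -1
    return flag if flag in (0, 1, 2) else -1


def call_project(project, *args):
    """Run one reset project; an exception counts as a failure, never a success."""
    try:
        return parse_errorflag(project(*args))
    except Exception:
        return -1


def reset_passwords(sam_account_name, new_password, reset_ad, reset_as400):
    """Change the password in AD first, then on the AS400, and report both results.

    The returned dict never contains the password, so it is safe to log.
    """
    outcome = {
        "user": sam_account_name,
        "ad": "unchanged",
        "as400": "unchanged",
        "synced": False,
        "message": "",
    }
    ad_flag = call_project(reset_ad, sam_account_name, new_password)
    if ad_flag != 0:
        # AD refused, so the AS400 is left alone and both keep the old password.
        outcome["message"] = AD_MESSAGES.get(ad_flag, GENERIC_FAILURE)
        return outcome
    outcome["ad"] = "changed"

    if call_project(reset_as400, sam_account_name, new_password) != 0:
        # Partial result: the two systems now hold different passwords.
        outcome["message"] = ("Active Directory password changed but the AS400 "
                              "password was not; the two are out of sync.")
        return outcome
    outcome["as400"] = "changed"
    outcome["synced"] = True
    outcome["message"] = "Password changed in Active Directory and on the AS400."
    return outcome


def log_line(outcome):
    """One line for the web server log, built only from the outcome dict."""
    return "password-reset user={user} ad={ad} as400={as400} synced={synced}".format(**outcome)


if __name__ == "__main__":
    # Constructed stand-ins: AD accepts the change, the AS400 call is blocked.
    result = reset_passwords("jdoe", "example-only", lambda u, p: "0", lambda u, p: "")
    print(log_line(result))
    print(result["message"])
```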

UMRA – Active Directory AS400 Password Sync

8:28 PM / Comments (0) / by Tech Admin

In recent months I’ve seen more and more of our clients wanting to do password resets in Active Directory and at the same time change the passwords in the AS400 system they have. Typically this process would be difficult from a web portal perspective. In many cases clients might have some type of VBScript, PowerShell script, or Perl script to sync both, but these methods take a long time to learn, and error handling is next to none at most. However, when using UMRA to sync your passwords from Active Directory to an AS400, this process couldn’t be easier. If you do this with PowerShell, you can import your PowerShell script into UMRA and have a simple drag and drop item that you can use anywhere in your UMRA scripts. In most deployments we’ve used UMRA’s ability to call the command line to sync AD with an AS400. Now some of you might be asking how we connect the two. Simple: most AS400 systems have an API that contains a few methods where you can pass a username and a new password, or new user data, to your AS400, methods such as updateuser, updatepassword and so on. So not only can you keep your AD and AS400 users' passwords in sync, you can also keep their AD attributes in sync with the AS400, but that will be another blog. Be aware that not all AS400s work like this, so consult your AS400’s documentation before you try to create such a UMRA script.

How has this helped our clients? It’s helped speed up the process of user password resets. You don’t need to grant users any elevated rights in Active Directory or other systems; you can create a simple webpage in ASP PHP .NET etc. and use UMRA COM object methods to call your UMRA scripts through AJAX, JSON, etc. I hope this blog helps some of you out there if you were wondering if UMRA had this ability.

UMRA – Web Portal Active Directory Reporting Audit

7:07 PM / Comments (0) / by Tech Admin


In recent posts I’ve talked a lot about how to take actions on Active Directory objects with a UMRA Web Portal. However, sometimes you may just want to get a quick overview of what’s currently in your Active Directory. Maybe you want to get a current count of active users or disabled users, or go a step further and grab these users along with their account names, display names, group memberships etc. There are not a lot of tools out there right now that will do this for you, and if they do, they require extra modules to be purchased or long amounts of downtime to upgrade your Active Directory tool. With UMRA that’s a thing of the past: you can create simple scripts to query Active Directory in real time and get the latest information on users, computers, groups, OUs, really any Active Directory object.

Now, with the rise of SOA (Service Oriented Architecture) applications out there, their main way of getting data or sending data is via XML. Some of you might be asking, how do you create an XML file with UMRA? Simple: since UMRA has the ability to create files, you can create a file called testdump.xml and, for each record in a table of users, kick this data out to your XML file. Cool, huh! So now you can use a UMRA Automation project to do an hourly, daily, or whenever dump of the current data you want to get. In most cases, you can integrate this functionality into a UMRA Web Portal where you can manually call your UMRA Automation projects to go in real time and grab this data.

Now I know some of you might still be asking how creating XML files of Active Directory data is going to help with reporting and auditing of your Active Directory. Again, since many applications are now using SOA architecture, you can feed those programs directly with your real-time XML file. Or you can create your own Active Directory Reporting and Auditing UMRA Web Portal. Below are some screenshots of what I was able to create with UMRA.

UMRA – Web Portal Error Logic Auditing

8:49 PM / Comments (0) / by Tech Admin


If you haven’t already, take a look at my blog on how to get UMRA Automation projects locked down with some very flexible and extensive error handling. Click here > http://activedirectoryadmin.blogspot.com/2009/07/umra-active-directory-automation-error.html That blog will give you an idea of how to put error logic into your UMRA Automation projects. This blog post, however, is about how to check for errors when you are performing some type of action through a UMRA web portal.

We all know that sometimes you will get errors when performing an action. It can be something as simple as missing information. That should be handled on the front end, but just in case, you want to make sure you kick some type of error message back. It can be something as small as “Error”, or something complex telling the user what the error was. For example, I recently created an Intranet Portal for a large wireless company. When they created users, if for some reason there was an error creating the user, I was kicking back a message that just said “Error Creating User”. They needed much more information than that, so I built some better error handling into my project, kicking back error messages such as “Wrong OU Path”, “Firstname / Lastname already in use”, and even “AccountName already in use”. With these types of error messages, you can have a more user-friendly portal and give more logical error messages to the end user. Now, some of you might be asking how you get started adding some error logic to your script. Read below to find out how.

UMRA – Web Portal Error Logic Auditing How To

When you create a new UMRA Automation project, the first thing you should do is add a few actions to your script. I always pull over a new variable action, call it %errorflag% and set its value to 0. I then pull over a few labels and call them “Error” and “End Script”. If I throw an error on any of my actions, such as creating a user, creating a mailbox, creating a home drive or folder, etc., I drop down to the “Error” label and update my %errorflag% to 1. Now in your ASP, PHP, .NET etc. web portal, check the value of %errorflag%: if it equals 0 there were no errors; if it equals 1, you know you threw an error. Below is a screenshot of how you can integrate this into your UMRA Automation scripts.

UMRA – Active Directory Computer Event Logs Power Shell

5:57 PM / Comments (0) / by Tech Admin


In most of my blogs I talk about how to edit and maintain Active Directory users and other objects within a UMRA Web Portal. However, sometimes you might want to monitor whether someone is making changes directly within ADUC itself. You might be using some tool or VBScript to monitor these now, but these scripts are often very hard to update, or you might have downloaded something online that just doesn’t seem to work. The way to get around this is to use UMRA and PowerShell to scan the Event Logs for specific information, or just pull up a complete log itself.

I was able to build a quick and handy PowerShell script in UMRA that will go into the logs of a specific computer and grab out the information, get any recent updates on the computer (what hotfixes etc. were installed), and even grab the event log from the computer, and this is all done with UMRA and PowerShell. How is this handy to you, you ask? Well, now you have the ability to get multiple computers’ log records at a time, or search a computer and get the records one by one. The PowerShell script was very easy to import into UMRA. Once it was imported, I was able to use this script right away, and other users who have the ability to create scripts within UMRA also have the ability to use the PowerShell script I updated. This “Upload and Share” functionality makes UMRA a true powerhouse in development: other Active Directory PowerShell scripts you might have, or have been using, can be shared with other Active Directory admins easily and quickly.
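The check described above, spotting account changes made directly in Active Directory rather than through the portal, comes down to a filter over the Security log. This is an added example, not the author's PowerShell script: it is written in Python over a constructed Event Viewer XML export, and the service account name svc-umra, the host name and the watched event IDs (the Windows Server 2008 and later numbering) are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Security-log account-management event IDs (Windows Server 2008 and later).
WATCHED = {"4720": "user created", "4725": "user disabled", "4726": "user deleted",
           "4728": "member added to global group", "4738": "user changed"}
# Assumption: the portal makes its AD changes under this service account.
PORTAL_ACCOUNTS = {"svc-umra"}

def _event(eid, time, subject, target):
    """Build one constructed event in the Event Viewer XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{time}"/><Computer>dc01.example.test</Computer>'
            f'</System><EventData><Data Name="TargetUserName">{target}</Data>'
            f'<Data Name="SubjectUserName">{subject}</Data></EventData></Event>')

# Constructed sample: one portal change, one logon, two direct changes.
SAMPLE = "<Events>" + "".join([
    _event(4720, "2024-03-01T09:00:00Z", "svc-umra", "jsmith"),
    _event(4624, "2024-03-01T09:05:00Z", "admin.bob", "admin.bob"),
    _event(4728, "2024-03-01T09:06:00Z", "admin.bob", "Domain Admins"),
    _event(4738, "2024-03-01T09:07:00Z", "Admin.Bob", "jsmith"),
]) + "</Events>"

def direct_changes(xml_text, portal_accounts=PORTAL_ACCOUNTS):
    """Return watched account changes whose actor is not a portal account."""
    allowed = {a.lower() for a in portal_accounts}
    findings = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = (ev.findtext("e:System/e:EventID", "", NS) or "").strip()
        if eid not in WATCHED:
            continue  # not an account-management event we track
        data = {d.get("Name"): d.text or ""
                for d in ev.findall("e:EventData/e:Data", NS)}
        subject = data.get("SubjectUserName", "")
        if subject.lower() in allowed:
            continue  # change came through the portal
        created = ev.find("e:System/e:TimeCreated", NS)
        findings.append({
            "time": created.get("SystemTime") if created is not None else "",
            "event_id": eid,
            "what": WATCHED[eid],
            "subject": subject,
            "target": data.get("TargetUserName", ""),
            "computer": ev.findtext("e:System/e:Computer", "", NS),
        })
    return findings

if __name__ == "__main__":
    for f in direct_changes(SAMPLE):
        print(f["time"], f["event_id"], f["what"], f["subject"], "->", f["target"])
```

Account names are compared case-insensitively because samaccountname values are not case-sensitive in Active Directory.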

Here are a few screen shots of what you can do with UMRA PowerShell.



UMRA – Portal Active Directory User Audit

9:19 PM / Comments (0) / by Tech Admin


In my previous blog post I talked about how you can log all your UMRA web portal actions to a log within SQL, Oracle, Access, or another database system. This allows you to quickly pull up the past history of actions by your users. So regardless of when your user took these actions in the portal, whether a week, a month, or a year ago, you will have a complete history of either actions on a user or actions performed by a user. Now, some of you might be asking: once I have this data, how can I pull it up quickly and get the data I need? Easy: add it to your UMRA web portal, so you can quickly go in, grab certain parts of the log, and display them back on the screen. In this blog I will show you some other cool tricks you can do to really integrate this Active Directory auditing into your current UMRA web portal pages. I’ve created a quick and flexible way to grab these records when you want to edit a user’s details, or just look at an overview of their account.

If you haven’t already, read over some of the blogs below to get up to speed.

Audit and Logging: http://umratips.blogspot.com/2009/07/umra-web-based-user-audit-and-logging.html
UMRA COM Connection: http://umratips.blogspot.com/2009/04/connect-to-umra-with-com-object.html
Loop Through DataTable: http://umratips.blogspot.com/2009/04/umra-com-object-loop-through-data-table.html

UMRA – Portal Active Directory User Audit How To

So now that we have this data logged to a database, we need a way to pull out the data we need in a more user-friendly fashion. There are tons of ways you can do this. The way I will talk about is doing a simple database query with a UMRA Automation project, and linking this up with the point where you search for a user and want to edit that user’s details.

Step 1:
Create a simple search webpage that brings back results based on your criteria, samaccountname, displayname, etc.

Step 2:
Create a hyperlinked JavaScript function to get the user’s details, similar to previous blogs I’ve talked about. This can be done a ton of ways, with ASP, PHP, ASP.NET, with AJAX, etc.

Step 3:
After you have your user’s Active Directory data, either run another function or display another page that gets the user’s data out of your logging system. Since you are already passing the samaccountname to the UMRA Automation project that gets the user’s data, you should send the same samaccountname to another UMRA Automation project that runs a simple database query on your log, to pull the records that the user you are editing was part of.

Here are some screen shots of how I did this function.

UMRA – Web Based User Audit and Logging

4:48 PM / Comments (0) / by Tech Admin


When creating an ASP, PHP, .NET etc. UMRA web portal that edits, creates or modifies Active Directory objects, you want to have some logging system that will allow you to audit actions that were taken on these Active Directory objects. UMRA of course has the ability to connect to SQL, Oracle, and other databases, so you can also manage these systems’ information and log it. However, for this blog post, we will only talk about how to log all actions through a UMRA web portal. Now some of you might be asking what can be logged. The quick answer is everything: any action, any search, anything. You can go as far as logging when someone searches for users, or when someone looks at an Active Directory account’s details. Again, for this blog post we will just focus on how you would log the actions that take effect on or modify something in Active Directory. If you haven’t already, you should read my other blog posts on how to loop through a UMRA datatable, and how to get the basics of the UMRA COM object connection.

UMRA COM Connection: http://umratips.blogspot.com/2009/04/connect-to-umra-with-com-object.html
Loop Through DataTable: http://umratips.blogspot.com/2009/04/umra-com-object-loop-through-data-table.html

UMRA – Web Based User Audit and Logging Tips

So as I’ve stated, you can log almost any action in a UMRA web portal, even down to what your users are searching for. However, we are going to stick to a high-level approach when doing our tracking and auditing. There are multiple ways you can get your audit trail set up. For my applications, I always log my actions to a SQL database, but it’s up to you where you log your information. If you plan to have a lot of users managing Active Directory with your UMRA web portal, going towards some sort of database logging mechanism is critical, and far more flexible down the road.

Step 1:
Figure out where you want to store your logging data. This can be in many different places: MS Access, MSSQL, MySQL, Oracle. It’s really up to you; whatever you have available to you will work fine.

Step 2:
Get your list of functions you want to log from within your UMRA web portal. Maybe you have create user or edit user functions.

Step 3:
Within your UMRA Automation Project use the “Update Database” action to log the data to your database. The “Update Database” action has a setup wizard that will walk you through most of your connections to the most popular database types.

Step 4:
Now that the data is logged, you should have a webpage that will pull this data from the database. There are 2 ways you can do this: your webpage can call the database directly, or you can have a UMRA Automation Project create a generic table with the data in it. Then you would loop through that table.

So there it is, a quick and easy way to get your UMRA web portal actions logged to a database, so you will have a complete audit trail of your portal’s actions. In a later post I will show you how you can integrate these logs into your user searches, so when you pull up a user account, you can see all the actions taken on it.
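Steps 3 and 4 above, together with the per-user history lookup from the “Portal Active Directory User Audit How To” post, shown as an added example (it is not UMRA’s “Update Database” action or the author’s code). It uses Python with SQLite as a stand-in database; the table name portal_audit, its columns and the sample accounts are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: one row per portal action that changes Active Directory.
# NOCASE because samaccountname comparisons are not case-sensitive.
SCHEMA = """
CREATE TABLE IF NOT EXISTS portal_audit (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    logged_at TEXT NOT NULL,                 -- UTC, ISO 8601
    actor     TEXT NOT NULL COLLATE NOCASE,  -- portal user who did it
    action    TEXT NOT NULL,                 -- e.g. create_user
    target    TEXT NOT NULL COLLATE NOCASE,  -- account acted on
    result    TEXT NOT NULL CHECK (result IN ('ok', 'error')),
    detail    TEXT NOT NULL DEFAULT ''
);
CREATE INDEX IF NOT EXISTS ix_audit_target ON portal_audit (target);
CREATE INDEX IF NOT EXISTS ix_audit_actor  ON portal_audit (actor);
"""

def open_log(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def log_action(conn, actor, action, target, result="ok", detail=""):
    """Write one audit row; values are bound as parameters, never concatenated."""
    now = datetime.now(timezone.utc).isoformat(timespec="seconds")
    with conn:  # commit on success, roll back on error
        conn.execute(
            "INSERT INTO portal_audit"
            " (logged_at, actor, action, target, result, detail)"
            " VALUES (?, ?, ?, ?, ?, ?)",
            (now, actor, action, target, result, detail),
        )

def history_for(conn, samaccountname, limit=50):
    """Actions taken on this account or by it, newest first."""
    rows = conn.execute(
        "SELECT logged_at, actor, action, target, result, detail"
        " FROM portal_audit WHERE target = ? OR actor = ?"
        " ORDER BY id DESC LIMIT ?",
        (samaccountname, samaccountname, limit),
    )
    return rows.fetchall()

def demo():
    """Constructed sample actions, including one failed create."""
    conn = open_log()
    log_action(conn, "helpdesk1", "create_user", "jsmith")
    log_action(conn, "helpdesk1", "add_to_group", "jsmith", detail="group=Sales")
    log_action(conn, "jsmith", "reset_password", "jsmith")
    log_action(conn, "helpdesk2", "create_user", "mbrown",
               "error", "AccountName already in use")
    return conn

if __name__ == "__main__":
    for row in history_for(demo(), "JSmith"):
        print(row)
```

Because the samaccountname arrives from a web request, the lookup binds it as a parameter, so the value is only ever compared as data and cannot alter the query.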

UMRA – Web Based User Group Management

6:55 PM / Comments (0) / by Tech Admin


In previous blogs I’ve talked about ways you can manage users in your Active Directory through a UMRA web portal, thus limiting users from using Active Directory directly. One of the main features our clients ask for when creating a UMRA web portal with different types of Role Based Access Types is the ability to add or remove user group memberships, either in bulk or on a one-by-one basis. Both approaches are possible; in this blog I will talk a little about how you can really integrate user group management within a UMRA web portal. There are a lot of pieces within Active Directory group management, and different ways you can manage your group memberships with UMRA, such as managing groups from the group itself. What do I mean? Instead of doing a search on a user, viewing their groups, then adding users as members of a group, you can do the reverse: search in your Active Directory for a group, and view its members and what it is a member of. You can then manage these groups from this point of view, but I will talk about this in a later blog post.

UMRA – Web Based User Group Management Tips

If you haven’t already read how to create a basic web portal with UMRA, please read this blog here: http://umratips.blogspot.com/2009/04/connect-to-umra-with-com-object.html. That blog will give you the basics on how to create a web page with UMRA and connect using the UMRA COM object. If you need some example UMRA projects, see this post: http://umratips.blogspot.com/2009/06/umra-example-projects.html. That blog post is a great resource for UMRA example projects. So let’s get started on how to create a simple webpage that allows your different Role Based Access Types to manage your Active Directory users’ group memberships.

Step 1:
Create a search to grab users based on accountname, displayname, or another set of attributes.
UMRA DataTable: http://umratips.blogspot.com/2009/04/umra-com-object-loop-through-data-table.html

Step 2:
Within your ASP, ASP.NET or PHP webpage, create a hyperlink or an AJAX call to get the user’s data from your list of displayed results.

Step 3:
Within your UMRA Automation Project, bind to the user with the samaccountname (username) and get the user’s current group memberships. Loop through these the same way you would loop through your user search results.

Step 4:
Follow the same steps for searching for groups as you did for users. You should now have 2 lists: 1 of the user’s groups, and 1 of searched groups. Again, within your ASP, ASP.NET or PHP webpage, use JavaScript, AJAX etc. to make a hyperlink to click so the user can be added to the group.

 