Andy,

While I'm not aware of any specific products on the market that do exactly
what you are looking for, in its simplest form what you are asking is
actually pretty easy to do programmatically using ADO and ADSI.  However
there are a lot of things to consider if you were going to go the scripting
route, such as the mechanism for validating the 'flat file' data feed, what
a newly created user's default attributes/groups/password should be, any
logging & soft/hard error-handling, event notifications, etc.  There's also
the concept (and quasi-finality) of deleting a user object to consider,
which essentially destroys the uniqueness of that object, thereby nullifying
all pre-defined access that may be tied to it.  While this is not
necessarily a major issue, you might consider the option of simply disabling
the accounts that have been earmarked for removal, moving them to a
terminated users OU or container that only administrators have access to.
This would provide you with the option of reusing/re-enabling a userid in
the event a user is rehired/contracted/etc. (and you could age them out over
a pre-defined period if necessary). 

Hope this helps,
Richard




> -----Original Message-----
> From: Andy Grafton [mailto:orangerover@;hotmail.com] 
> Sent: Thursday, October 31, 2002 8:39 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] AD user sync to flat file
> 
> 
> This is one of those "does anyone know a product which can do 
> this...?" questions.  Apologies.
> 
> Have an Active Directory (single domain) with about 65,000 users.
> 
> Have a personnel system which produces a flat file consisting 
> of [only] usernames.
> 
> Once a week, our customer wants to run a utility which will 
> perform a very simple "synchronisation" of the users in the 
> Active Directory with those listed in the flat file.
> 
> The rules...
> If the user is in the flat file and the directory, do 
> nothing. If the user is in the flat file but not the 
> directory, create it in the directory [in a default 
> location]. If the user is in the directory, but not the flat 
> file, delete it from the directory.
> 
> My immediate response is that you should do this with a 
> script of some sort, but I was wondering if anyone has 
> located a product that can do such simple things?  If it's 
> relatively inexpensive, then it's not worth spending 
> programming hours on reinventing the wheel.
> 
> I had a look at NetIQ, Fastlane and iPlanet's offerings, but 
> they are all far too heavyweight to even consider.
> 
> Don't ask why the flat file...  The personnel system is not 
> connected to anything and the data travels by CD and sneaker-net.
> 
> Thanks,
> 
> Andy
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
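
The sync rules from the original message, with the reply's suggestions applied (validate the feed first, disable and move rather than delete), as an added PowerShell example that is not code from either poster. The apply step assumes the ActiveDirectory module cmdlets Get-ADUser, Disable-ADAccount, Move-ADObject and New-ADUser; the function names, OU parameters, username pattern and 5% cap are hypothetical choices.

```powershell
# Added example. OU paths, the name pattern and the 5% cap are assumptions.
function Get-SyncPlan {
    param(
        [string[]]$FeedLines,            # raw lines of the personnel flat file
        [string[]]$DirectoryUsers,       # sAMAccountNames currently in the managed OU
        [double]$MaxDisableRatio = 0.05  # refuse runs that would disable more than this
    )
    # Validate the feed before trusting it: trim, drop blanks, allowlist the characters.
    $clean = @($FeedLines | ForEach-Object { "$_".Trim() } | Where-Object { $_ })
    $bad   = @($clean | Where-Object { $_ -notmatch '^[A-Za-z0-9._-]{1,20}$' })
    if ($bad.Count -gt 0) { throw "Feed rejected: $($bad.Count) malformed entries" }

    $cmp  = [System.StringComparer]::OrdinalIgnoreCase
    $feed = [System.Collections.Generic.HashSet[string]]::new([string[]]$clean, $cmp)
    $dir  = [System.Collections.Generic.HashSet[string]]::new([string[]]$DirectoryUsers, $cmp)

    $create  = @($feed | Where-Object { -not $dir.Contains($_) })
    $disable = @($dir  | Where-Object { -not $feed.Contains($_) })

    # A truncated or empty file must not translate into mass removal.
    if ($dir.Count -gt 0 -and ($disable.Count / $dir.Count) -gt $MaxDisableRatio) {
        throw "Feed rejected: would disable $($disable.Count) of $($dir.Count) accounts"
    }
    [pscustomobject]@{ Create = $create; Disable = $disable }
}

# Disable and move instead of deleting, so the object and its access survive a rehire.
function Invoke-SyncPlan {
    param($Plan, [string]$DefaultOU, [string]$TerminatedOU)
    foreach ($name in $Plan.Disable) {
        $user = Get-ADUser -Identity $name
        Disable-ADAccount -Identity $user -WhatIf
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $TerminatedOU -WhatIf
    }
    foreach ($name in $Plan.Create) {
        # Created disabled; enabling and setting a password is a separate, logged step.
        New-ADUser -Name $name -SamAccountName $name -Path $DefaultOU -Enabled $false -WhatIf
    }
}

# Constructed sample data; this part runs without a domain.
$directory = 'asmith', 'BJONES', 'cdoe', 'dlee'
$feed      = 'asmith', ' bjones ', '', 'dlee', 'newhire1'
Get-SyncPlan -FeedLines $feed -DirectoryUsers $directory -MaxDisableRatio 0.25
try   { Get-SyncPlan -FeedLines @('asmith') -DirectoryUsers $directory }
catch { "Refused: $_" }
```

Invoke-SyncPlan is defined but not called here; with -WhatIf in place it only reports what it would change, and removing the switch is what commits the run.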