RE: [ActiveDir] ADUC Customization / Input Validation

Sun, 02 May 2004 12:22:53 -0700

 
A mightly number of options there from Tony and Joe - we are looking at MIIS as a possible solution for a number of systems - Openldap, Oracle OID, NDS and some ADAM solutions. I like MIIS, and I think an organisation with a number of systems such as ours can only have any level of consistent integration with a Metadirectory tool such as MIIS. I've written some VB provisioning scripts to integrate with the AD connectors, but I've a long way to go! I'm even considering using MS Access to at least get some simple validation forms in place. We know who is administering the directory, there is no issue of rouge administrators.
 
Cheers 4 the advice
 
Ian
 
 


Tony Murray <[EMAIL PROTECTED]> wrote:
Hi Ian
 
I think the main problem with modifying ADUC is that you really need to ensure tight version control afterwards.   For example if, as you state, data entry validation is one of your goals then how do you ensure people are not using uncontrolled, non-modified versions of ADUC? 
 
One approach that works quite well is to develop a web font-end and proxy all your admin tasks through that.  This has a number of advantages, e.g
 
  • Tight version control.  With a limited and controlled distribution you know everyone is using the same version.
  • Good data entry validation.  You can specify exactly the validation that you need.
  • The ability to use a separate (proxy) account to perform tasks.  For example, if an admin creates a computer object, this sets the admin's account as the owner of the object and this confers certain rights.  You may not want this for a variety of reasons, so it is better to have one account as the owner for all computer objects.
The resources involved in developing a solution such as this are quite high, but the benefits to larger organisations are obvious.  Also, the developer resources available now are much better than they were a few years ago.  Many people have done this before, so you should be able to find good samples on the web for what you need to achieve.
 
There are some good third party solutions available, but these may not provide you with the granularity of control you require (IMHO).
 
Tony

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IAN FRASER
Sent: Samstag, 1. Mai 2004 20:25
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADUC Customization / Input Validation

Has anyone done much work with customizing ADUC to include new tabs,
drop down fields, radio buttons etc.

I'm interested in data entry validation in ADUC, or a similar
interface. We really need consistancy in data being entered into AD, and I dont
think that the current system is fool proof enough for a larger
organisation.

From what I can see, the MS SDK and some C++ experience is the only
way around this, or to modify the display specifiers, and drop this out
to a WSH script (which is OK, but not my ideal option)

Guidance on available 3rd party tools / customization ideas / experience would be greatly appreciated.


Ian Fraser

Cancer Research UK

Reply via email to