Archive for the 'PeopleSearch & PeopleUpdate' Category

New PeopleUpdate demonstration videos – Web-based, Active Directory Management

Our engineers have created a series of demonstration online videos that provide insight into how PeopleUpdate can be used to delegate active directory updates out to the information and business owners within your organization.  Each video provides a different view of PeopleUpdate through the eyes of a typical end-user, a typical HR-user and a typical IT-user.  Here are the links to the online YouTube videos:

Typical end-user view - 

Typical HR-user view –

Typical IT-user view –

Needless to say, there are many other ways you can configure and customize PeopleUpdate to manage your Active Directory information based on your organization’s needs.  Please take a look at the videos and let us know if you have any questions or comments.  And remember, you can always request a 30-day evaluation of PeopleUpdate on our website or call us toll free at +1-800-747-3565.

When to use OUs in Active Directory

This has been something that has bugged me for quite a while.  When I see environments where Active Directory OUs have been created to reflect the organization structure, whether that be departments or physical locations, I always wonder why someone would choose this model and if they really understand the features and functions in Active Directory.

When you create an Active Directory OU structure that reflects physical location or departments you have doomed yourself to a life of constant object moves for little or no value.  If you want to see which users are in a particular location or department use the attributes in Active Directory that correspond to those things!  Use a product like PeopleUpdate to allow delegated updates to Active Directory and then when you want to see all users in a particular location or department just perform a quick search of Active Directory.

When someone asks me when they should use or create another OU, my answer is for Active Directory security delegation.  In limited cases I can buy in to creating OUs to support Group Policies or, at a very high level, to separate normal user and computer accounts from IT/service accounts and computers.  One commonly overlooked feature of Group Policy is the ability to use WMI filtering, Active Directory security groups, and Active Directory Sites to filter when or to whom Group Policy is applied.

I’d like to hear from you what you think about this topic too, so post a comment or two.  We would love to hear from you.

For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565

Active Directory Reporting

Web Active Directory LLC has had Active Directory Reports as a part of our core product for a number of years. In a past career, Active Directory Reporting was a big component of our IT audit performed by both internal and external auditors (Sarbanes Oxley reporting).  I continue to be amazed by the amount of information you can get out of reporting on Active Directory for auditing purposes or for just getting a quick view of what’s going on in your IT environment.  LDAP filters can be extremely powerful for Active Directory Reporting; just see the list of reports below.  Are there some Active Directory Reports that you have been asked for or would like to see?

User Reports

  • Accounts who are managers
  • Accounts with no logon script
  • Accounts with hidden mailbox
  • Disabled accounts
  • Accounts with change password at next logon
  • Accounts never logged in
  • Accounts with dial-in permission
  • Accounts without dial-in permission
  • Accounts with password not required
  • Accounts where password is expired
  • Accounts locked out
  • Accounts who are a member of 100+ groups
  • Accounts created in 2007
  • Accounts created in 2008
  • Accounts created in 2009
  • Accounts created in 2010

Group Reports

  • Groups without members
  • Domain Administrators
  • Enterprise Administrators
  • Administrators Accounts
  • Mail enabled groups
  • Mail enabled groups that are hidden
  • Groups with managers
  • Groups without managers
  • Universal distribution groups
  • Universal security groups
  • All universal groups
  • Global distribution groups
  • Global security groups
  • All global groups
  • Domain local distribution groups
  • Domain local security groups
  • All domain local groups
  • Groups with more than 4000 members

Computer Reports

  • Computers that have never logged on
  • Disabled computers
  • Computers that are domain controllers
  • Windows 2000 computers
  • Windows 2003 computers
  • Windows XP computers
  • Windows Vista computers
  • Windows 7 computers
  • Windows 2008 computers
  • Windows 2008 R2 computers
  • Servers
  • Workstations
  • Computers created in 2007
  • Computers created in 2008
  • Computers created in 2009
  • Computers created in 2010

PeopleUpdate and PeopleSearch are two Active Directory tools that provide robust reporting as well as many other benefits to help manage and update your Active Directory environment.  Contact us today at www.webactivedirectory.com

Web Active Directory is at the Texas Computer Education Association (TCEA) 2010

We are at booth 206 of the 2010 TCEA show in Austin, Texas.  Please come by and see a demo of PeopleUpdate and PeoplePassword as we show the Texas Educational world that there is an easier way to manage their Active Directory. 

  • Update Active Directory information
  • Self Service Password reset
  • Active Directory reporting
  • Active Directory Group Management

Come see us at booth 206.  We will be here until Friday!

www.webactivedirectory.com

How to ensure fast queries when searching Microsoft Active Directory

Here’s a great article on MSDN that covers ways to ensure that Active Directory searches return results as quickly as possible.  It’s something we refer back to quite often with our customers as well as when we ship new Active Directory reports in our products.

A healthy Active Directory makes a happy administrator!

http://msdn.microsoft.com/en-us/library/aa746526(VS.85).aspx

Add photos to Active Directory

Our PeopleSearch and PeopleUpdate product line:

http://www.webactivedirectory.com/Products/tabid/96/Default.aspx

…have long supported adding photos to a user account in Active Directory.  It looks like Microsoft has now created a PowerShell cmdlet to allow users to upload photos to user accounts in Active Directory.  There are some limitations on size though.

http://blogs.technet.com/ilvancri/archive/2009/11/17/upload-picture-in-outlook-2010-using-the-exchange-management-shell-exchange-2010.aspx

We also support linking an Active Directory account to photos stored on a file share so that you don’t bloat the size of your Active Directory.  I’ll write a later article on how we do that!

PeopleSearch and PeopleUpdate provide (and have for many years) their own web interface to display user photos in too, whether it be your intranet, internet, etc.  Here’s an example:

LDAP Filter to find accounts not set to expire in Microsoft Active Directory

In order to show accounts that are not set to expire you will need to use the below LDAP filter.

Accounts that don’t expire:

(&(objectCategory=person)(objectClass=user)(|(accountExpires=9223372036854775807)(accountExpires=0)))

Accounts that have an expiration date:

(&(objectCategory=person)(objectClass=user)(&(!(accountExpires=9223372036854775807))(!(accountExpires=0))))

About the accountExpires attribute

Account-Expires Attribute

The date when the account expires. This value represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires.

http://msdn2.microsoft.com/en-us/library/ms675098(VS.85).aspx
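
For audit reports it helps to turn the raw accountExpires value into a date and to ask for accounts that expire inside a window. The following is an added example, not code from the original post or from PeopleSearch/PeopleUpdate; it goes beyond the two filters above by building a range filter, and the account names and values in SAMPLE are constructed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = {0, 0x7FFFFFFFFFFFFFFF}  # both values mean "never expires"
USER_SCOPE = "(objectCategory=person)(objectClass=user)"


def expires_at(raw):
    """Convert accountExpires to an aware UTC datetime; None if it never expires."""
    value = int(raw)
    if value in NEVER:
        return None
    try:
        # 100-nanosecond intervals -> microseconds
        return FILETIME_EPOCH + timedelta(microseconds=value // 10)
    except OverflowError:
        return None  # assumption: a date past year 9999 is treated as never expiring


def to_filetime(moment):
    """Convert an aware datetime to 100-nanosecond intervals since 1601-01-01 UTC."""
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def classify(raw, now):
    """Label one account for a report: never expires, expired, or expiry date."""
    when = expires_at(raw)
    if when is None:
        return "never expires"
    return "expired" if when <= now else "expires " + when.date().isoformat()


def expiring_within_filter(now, days):
    """LDAP filter for accounts whose expiry falls between now and now + days."""
    low, high = to_filetime(now), to_filetime(now + timedelta(days=days))
    # The range comparison itself excludes both never-expires values.
    return f"(&{USER_SCOPE}(accountExpires>={low})(accountExpires<={high}))"


# Constructed sample values, as strings the way an LDAP search returns them.
SAMPLE = {"jsmith": "0", "svc_backup": "9223372036854775807",
          "contractor1": "129067776000000000", "intern7": "129093696000000000"}

if __name__ == "__main__":
    now = datetime(2010, 1, 15, tzinfo=timezone.utc)
    for name, raw in SAMPLE.items():
        print(f"{name:12} {classify(raw, now)}")
    print(expiring_within_filter(now, 30))
```
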

Top 5 Reasons you need web-based tools to manage your company’s Active Directory data

  1. You have many more important things to accomplish today other than updating the new sales person’s phone number
  2. Your HR department changed the title of Product Marketing Manager back to Manager, Product Marketing
  3. The person who manages the “crackberry mobile users” distribution group needs to add yet another person to their group
  4. Your boss needs a report on the number of Windows 2003® users and needs it – IN 5 MINUTES!
  5. That new sales person forgot his brand new Windows® password – FOR THE SECOND TIME

PeopleUpdate can help you manage and keep your AD information current and much, much more!

Search multiple Active Directory attributes from one search field

Description

Web Active Directory’s PeopleSearch and PeopleUpdate solutions provide powerful tools for searching Active Directory by allowing you to quickly and easily configure an intuitive search interface for your users. You might want to enhance how you search Active Directory, though, by providing a search field that will actually search more than one attribute. Microsoft has engineered Active Directory to provide exactly this option through a feature called Ambiguous Name Resolution (ANR).

What Is ANR?

Ambiguous Name Resolution, or ANR, allows you to search multiple object attributes for a match while only using one search field. Basically, ANR searches through the following attributes for a wildcard match when you pass a string to search. You can even add additional attributes to this list and the references at the bottom of this article include instructions to add new ANR attributes in your Active Directory configuration.

  • GivenName
  • Surname
  • displayName
  • LegacyExchangeDN
  • msExchMailNickname
  • RDN
  • physicalDeliveryOfficeName
  • proxyAddress
  • sAMAccountName

For example, if you search for “Smith,” ANR will expand the search filter to search not only on Surname, but also on the remainder of attributes in the list. This allows you to easily find objects in Active Directory when you may not know exactly which attribute you need to search.
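
The sketch below shows what a one-field ANR search looks like as an LDAP filter and roughly what the directory expands it to, which is why scope matters on large directories. It is an added example, not code from PeopleSearch/PeopleUpdate: the LDAP display names in ANR_ATTRIBUTES and the shape of the expansion are assumptions based on the attribute list above, and the search terms are constructed.

```python
# LDAP display names assumed for the ANR attributes listed above.
ANR_ATTRIBUTES = ["givenName", "sn", "displayName", "legacyExchangeDN",
                  "mailNickname", "name", "physicalDeliveryOfficeName",
                  "proxyAddresses", "sAMAccountName"]
FILTER_SPECIALS = "\\*()\x00"  # characters RFC 4515 requires escaping


def escape_filter_value(value):
    """Escape a search term so it cannot alter the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in FILTER_SPECIALS else c
                   for c in value)


def anr_filter(term, scope="(objectCategory=person)"):
    """Build the single-field search filter, restricted to a scope clause."""
    term = term.strip()
    if not term:
        raise ValueError("empty search term")
    return f"(&{scope}(anr={escape_filter_value(term)}))"


def approximate_expansion(term):
    """Roughly the OR filter the directory evaluates for (anr=term)."""
    term = term.strip()
    value = escape_filter_value(term)
    clauses = [f"({attr}={value}*)" for attr in ANR_ATTRIBUTES]
    first, _, last = term.partition(" ")
    if last:
        # A term with a space is also tried as first/last name, in both orders.
        f, l = escape_filter_value(first), escape_filter_value(last.strip())
        clauses.append(f"(&(givenName={f}*)(sn={l}*))")
        clauses.append(f"(&(givenName={l}*)(sn={f}*))")
    return "(|" + "".join(clauses) + ")"


if __name__ == "__main__":
    print(anr_filter("Smith"))
    print(approximate_expansion("John Smith"))
    # Constructed input with filter metacharacters stays a literal value.
    print(anr_filter("Smith)(mail=*"))
```
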

How Do I Configure ANR in PeopleSearch and PeopleUpdate?

PeopleSearch and PeopleUpdate make it very easy to add ANR capabilities to your search configuration. Follow the simple process below to set up an ANR attribute in your environment.

  1. Open the PeopleSearch/PeopleUpdate Admin Console.
  2. Navigate to the tab-level Attributes page for the tab(s) where you want to provide the ANR search.
  3. Add a new attribute to the configuration. You can set the Alias value to anything you would like and please ensure that you set the LDAP Name to “anr” so the search will work properly.
  4. Navigate to the Page Layout for the Search page on the Task Item for which you want to provide the ANR search.
  5. Add the new attribute to the Page Layout.
  6. Test the configuration in the Search Console by entering a search term into the new attribute’s search field on the Search page. Ensure that the results include objects where any of the listed attributes match the search term.

More Information

Ambiguous Name Resolution provides a powerful tool for you to expand the utility of your Active Directory searches. Please note that you can incur possible performance issues because of how Active Directory expands an ANR search, especially in large environments with tens of thousands or more users, so you may want to restrict the search scope for the Tab (on the Directory page) or Task Item to limit the size of the search.

You can find more information about ANR in the following articles.

http://support.microsoft.com/kb/243299
http://www.msexchange.org/articles/Ambiguous-Name-Resolution.html