Synchronize HR to AD: transaction workflow

Over the past years I have developed a number of automated synchronization projects between HR systems and Active Directory. The major advantage of such a link is that any employee or organization change is pushed to the Active Directory.

The latest incarnation of the design for synchronization systems is a workflow transaction system, where the actual link consists of 2 parts: the change detection and the change execution. This allows for much greater flexibility, as the first part is entirely read-only and can be executed and tested in live environments. The 2nd part is the actual execution and can be tested on single transactions without having to modify the entire system. When working with transactions you get the added bonus of history and reporting, since all changes are tracked by source system, date, approving operator and executed action details.

For the end-user to remain in control of the synchronisation, I developed a custom web-interface which reads and processes transactions in cooperation with UMRA from Tools4ever bv. UMRA is excellent in executing database queries, AD queries and merging this information to allow for easy HR-AD change detection. UMRA records all changes to any form of transaction storage (database, CSV), which the web interface picks up. Using the web interface you can easily approve open transactions and browse through last month’s processed transactions. When approving a change, the details are again submitted to the UMRA engine which executes all appropriate Active Directory actions, such as user creation, group/OU modification, hide mailbox, update attributes, delete home-directories, etc.

• active directory
• umra