Synchronize HR to AD: transaction workflow

Synchronize HR to AD: transaction workflow

Door: Arnout van der Vorst

Over the past years I have developed a number of automated synchronization projects between HR systems and Active Directory. The major advantage of such a link is that any employee or organization change is pushed to the Active Directory.

The latest incarnation of the design for synchronization systems is a workflow transaction system, where the actual link consists of 2 parts: the change detection and the change execution. This allows for much greater flexibility, as the first part is entirely read-only and can be executed and tested in live environments. The 2nd part is the actual execution and can be tested on single transactions without having to modify the entire system. When working with transactions you get the added bonus of history and reporting, since all changes are tracked by source system, date, approving operator and executed action details.

For the end-user to remain in control of the synchronisation, I developed a custom web-interface which reads and processes transactions in cooperation with UMRA from Tools4ever bv. UMRA is excellent in executing database queries, AD queries and merging this information to allow for easy HR-AD change detection. UMRA records all changes to any form of transaction storage (database, CSV), which the web interface picks up. Using the web interface you can easily approve open transactions and browse through last month’s processed transactions. When approving a change, the details are again submitted to the UMRA engine which executes all appropriate Active Directory actions, such as user creation, group/OU modification, hide mailbox, update attributes, delete home-directories, etc.

Geschreven door:
Arnout van der Vorst

Arnout van der Vorst is Identity Management Architect bij Tools4ever en al ruim 10 jaar in dienst. Arnout legt zich als Architect toe op het bedenken en ontwikkelen van nieuwe features, oplossingen en diensten van Tools4ever die aansluiten op de vraag uit de markt. Arnout studeerde Hogere Informatica aan de Hogeschool van Utrecht.

Anderen bekeken ook

De vooroordelen van Single Sign On

29 november 2011

SAP koppeling met Active Directory

06 september 2012

User- en toegangsbeheer in cloud applicaties: een uitdaging

04 september 2012

RBAC: sleutelrol, beheer en evolutie

15 maart 2011

Single Sign On met terminal emulatie (VAX64, AS/400, Linux, SSH)

14 oktober 2010