Need help identifying the workflow needed to building a bulk csv import template..
We have O365 subscriptions, so we use two different new user templates that run a small script at the end to assign either a E2 or E3 O365 license after the user is created in AD. I am having difficulty in seeing how to create a csv file, with the appropriate AD property names as the headers. I was hoping someone knew of a quick and easy way to peak inside the new user creation process via template, to see what all the csv headers needed to be. Also, im not sure if the scripts that run along with
Bulk Account creation
Hi, I understand that the whole point of AD User bulk creation feature is time saving hence need to know the following before I know if it's any useful for me or not? Is there any way to use an excel workbook rather than CSV as converting columns to csv format but take more time than creating the account manually. I created a template in AD Manage Plus for user creation but when I try to upload a csv but got the following validation errors: As per the screenshot below: I have selected Logon name(pre-windows
Use-case 33: How To Manage Contract Employee In Your Active Directory Part II
On an earlier post on, How to manage contract employees(https://forums.manageengine.com/topic/use-case-16-how-to-manage-contract-employees-in-your-active-directory), we had a glimpse at how you can set account expiry dates and render the contract employee account unusable after a point in time. And what accounts work best for contract employees(https://forums.manageengine.com/topic/use-case-26-what-account-works-best-for-contract-employees-in-your-active-directory), we had two account options based
Use-case 32: How To Monitor Employee Login On A Daily Basis In Your Active Directory.
Monitoring logon activity is a great way to gauge productivity of an employee. By this we can also monitor attendance, ensure logon takes place in authorized business hours, etc. Active Directory stores logon timestamps on lastLogon and lastLogonTimestamp attrbutes. The difference between the two attributes are, lastLogon attribute stores the last time the user logged on to the domain through that specific domain controller. This is non replicating attribute. lastLogonTimestamp attribute replicates
How do i add remove manager from user in a automation?
Hi, Is there any way to add remove manager from user in a automation? Is there a guide? Admanager made my life so much easier :)
Enabling HTTPS
Hi All, I have been running ADManager Plus for a while now and been using HTTP to connect. I enabled HTTPS couple days ago and now I cannot access the tool. I get " This page can't be displayed" message. It did work right after I enabled HTTPS. Now the service does not start and netstat does not show port 8443. Thanks
Groupmanagement on specific OUs
Hi there, I am trying to set up a new role for our application admins and it does not work as I planed it. Here ist what I have done so far: - added a new technican - chose a the role to edit groups, in this case to add and delete members - chose the right OU where the groups lay in If the admin logs in on the website he can see the groups but is not able to add users, which are in different OUs. For example: OU1 called DMS with several groups -> this OU I have added to the technican OU2 called Corp
Use-case 27: How To Delegate Permissions In The Active Directory For Users/Groups/Computers And Revoke Them Easily
Delegation is a fanta-bulous feature provided by Active Directory to assign permissions or rights over an OU or an account. Let's say we assign permission to reset passwords for all users under an OU, to another user. This delegation wizard will substantially reduce the time consumed by an IT help desk to respond for a password reset ticket, as his sidekick would share and bear the load. What are the advantages of Active Directory Delegation? Rather than adding users to a privileged group, for
Off-boarding user, export info and disable/move?
I see there are some features/options with the product, that can automate disabling and moving a disabled user to an OU and removing their attributes. But is there a way in the automation to first export/e-mail all the users' AD info (like running the powershell cmdlet "get-aduser -properties *") first, before doing the disabling and attribute scrubbing? The purpose of that would be to have a log of what attributes the user had before ADManager scrubs them. There is a Custom Script area,
Deprovisioning automation/policy question
Hello First thanks for the product. it's great. edit: doh, I'm so stupid sorry. I didn't realize in automation policy, you can have multiple "instant tasks". Is that the best way to do it if you want to disable a user, remove security groups, and move them to an OU, all in the same "task"?
Use-case 26: What Accounts Work Best For Contract Employees In Your Active Directory
To begin with, let's bring out some differences between your regular employees and your contract employees. 1. Regular employees do not come with an end-of-contract date, whereas contract employee do. 2. Regular employees would require an account on the domain to provide access over resources, whereas contract employees may not. 3. Regular employees would require a dedicated mailbox to send, receive and store emails that are exchanged within the organization, whereas an external mailbox would suffice
Use-case 25: When And How To Reset Computer Account Password In Your Active Directory
Just like user accounts, computer accounts also have passwords in the Active Directory. This password allows them to constantly communicate with the Domain Controllers, through the security channel. Information pertaining to computer account, group membership, etc. are exchanged through this secure channel. The password is changed without any user intervention once in 30 days by default, just to keep the passage secure. If the computer loses it's connectivity with the DC, owing to a few reasons like
How can I make my templates available for other users?
Hello, I have created some users creation and modification templates and Im the only one who can use them, I need to make them available for other operators. Dont know if there is an export/import feature or a way to make them "public" Thank you
Modifying one local user account on multiple servers
Hello, We just had an instance where we had to change the password on a local admin account used on several servers. This was time consuming to say the least! Is there any way that ADManager Plus could have done this? If not, is it something you might consider for a new feature in a future release? Thank you, Kelly B
Moving scheduled reports
Hi, I need to move some scheduled reports from one computer to another. Is this easy to do or do I have to re-create all the reports? There are quite a lot of them. Regards,
Groups and numbers of members
I haven't been able to create a report that provides just the group name and number of members in the groups. Anyone know how that is done?
Use-case 24: How To Isolate And Migrate Home Folders/Profile Paths Of Employees When Decommissioning File Servers In Your Active Directory
Some pain points I.T. Asset Management(ITAM) Ops deal with, is life-cycle management of servers. Especially, when there is a request for change of an out-of-date file server which was not accounted/maintained properly, during its lifetime. This causes great difficulty in validating the documents, tracking access entries to the documents and assessing the impact of retiring the server. Home folders and profile paths are Active Directory resources, which are usually associated with file servers. They
Use-case 23: How To Manage Employee Logon Restriction To Avoid Unrestricted Access To Your Active Directory.
Restricting employee logon access may be trivial. However, to any admin who believes his Active Directory holds a cove of resources, this can go a long way. Some advantages of implementing a business hour based logon are, 1. Primarily, restricting logon during non-business hours as this would prevent unauthorized or unmonitored logon. 2. Less likely chances of expecting an attack as "gaining access" to any resource is out of the question. 3. Ensuring productivity as the employee as they would have
Configuration
Hi, Is it possible to amend the : Inside ADManager Plus ADManager Plus has a stream of tools to manage Active Directory from anywhere. ....that appears on the right side of the Home page? A
displayNamePrintable attribute in User Creation Template
Hello, I need the ability to have the displayNamePrintable attribute in my user creation template. I've added a custom attribute but what I need is for displayNamePrintable to be the same as displayname so ideally I'd like the field type to be 'Naming Format' but the only options I have on the custom attribute when I add it to the template are' Single Line, Editable Dropdown, Dropdown and Date Picker. How can I make the custom attribute displaynamePrintable default to 'First Name Last Name? Thanks
Custom LDAP Attributes
Hi, We have added a custom attribute for proxyAddresses to capture the addtional e-mail addresses for our Distribution groups. For some reason this is only picking up a single entry. We have around 3 proxy addresses for each distribution mailbox group on AD, so do you know why this is only picking up 1 of them ? A
list of groups and their members
Hello all, I need to generate the following reports 1- list of groups and their members. 2- list of users, and what groups are each in. the reports built in, actually mix the whole users selected, as one, and mix them all together.
Recommended methods / practices for updating Title, Department, etc?
i am curious as to what users are doing or developers recommend in terms of updating employees' Titles and departments. How is this best done through ADManager when automating? Would you simply have a csv export from the HR database with employeeNumber and Title? And how can you automate matching the users in AD based on that attribute or based on other attributes in order to update those types of other attributes?
Powershell debugging
Anyone know how to get debug information when running custom script? I have a script to run when a user is disabled that, if they manage and other users, re-assigned those users to the manager of the now disabled user, and then sends the new mamager an email. The user gets disabled OK, the process says the script ran OK, but the manager does not get changed and the email does not get sent. Any ideas? Mark Ashley Weston College
Default Description to Current Date
I am creating a template in ADManager to use when I disable users. In my template I want the value for the Description field to the current date and my initials so I know I disabled this person on this date. Is there a way to put the current date in the the field without having to manually typing it in every time?
Use-case 3: How To Standardize The Format Of Names In Various Active Directory Naming Fields While Provisioning User Accounts
A user provisioning technique that standardizes the format in attributes like sAMAccountName and userPrincipalName throughout the organization can be of help. You can link a naming format with a User Creation Template, that takes inputs from fields like first name, last name, etc. and populate the format for fields like sAMAccountName, userPrincipalName, mail, etc. A simple approach on provisioning users with this technique follows, Step 1: To create a naming format, let say "1st letter of the
O365 Account Creation
Hi I have a separate server that runs Azure AD Connect. With ADManager Plus being on a separate server, how do I configure it when creating accounts to also make sure the user is put into O365? This may not be necessary since their account would be getting sync'd to O365 via Azure AD Connect automatically (usually within a few minutes). But, how is it supposed to work if using Azure AD Management only? You would need Azure AD Connect installed locally on the server, and it would just kick off
Password attribute and best practice question
Hi I noticed %password% for user accounts can be used in areas, such as the new account creation with custom script (passed as an argument). Where does the %password% variable source from? Is there an encrypted database within ADManager where user password are stored? Is it all passwords or just the ones that are created? Also on a different note, what's your recommended ways of communicating the first time sign in AD password to a new-hire in your company? Would you print it out onto paper for
Use-case 17: Securing Employee Accounts In Your Active Directory When They Are On A Holiday
Ah! The bliss of the holidays. The sense of freedom and the time when you ask yourself, "Is it a beach or a mountain?!". But, when you are on a holiday and have no track of your Active Directory account, your account is prone to be cracked and misused. As an IT Admin, the best way to handle employees, that are on vacation, is by disabling the account and sending an out-of-office email. Through the Disable Policy in ADManager Plus, you can disable the account --> move it to an OU (Holiday Employees)
Use-case 16: How To Manage Contract Employees In Your Active Directory
Contract employees are similar to your conventional employees. But what is the big fuss all about?! Your full time employees don't come with an expiry date. So what are the advantages of having an expiry date? 1. Expired account become unusable at a specific time, like a disabled user(the user account is not disabled when the account expires). 2. This is more or less like an automation provided by Microsoft to disable users. 3. Really handy, just in case you forget to disable the account once the
Locked Out Users
Hi, We have setup the AD Manager to report of when users Lockout their Domain accounts, is there any way to find out which PC\Server this lockout was actioned against within AD Manager ? Obviously we could view the logs on the servers but just checking to see if there are any options that don't require buying another product :-) Any ideas would be appreciated. Andrew
Share Permission Enumeration
Enumeration of the share & NTFS permissions on a per server basis Andrew Bray
server share report
how can I run the same report repeatedly if its not available in the schedule report?
Scheduled NTFS reports
Is there a way top run a schedules NTFS report? I am not being able to find the option under Report Type in the Schedule Report screen. Thank you very much. Luis
Company info for templates
I wasn't sure whether to post this under idea or question because I'm not sure if I'm just missing something here or if it's just not possible currently. I work for a mid-sized bank that has around 100 locations. Each location has a teller, CSR, Branch Manager, Asst. BM and loan people. We are having issues with admins creating accounts in AD and inputting things slightly different, for instance one will abbreviate Street while another will type it all out. This causes issues when we try to do
User Modification Templates functionality built into User Creation Templates?
The User Modification Templates are nice, but I would like to see the auto-fill rules available in the User Creation Templates. It seems more appropriate to be in the creation side anyway. I work in a large organization with dozens of different office locations, so it would be nice to setup a new user template, and when a specific office is selected it auto-fills the address information. Otherwise, I have to create a couple dozen different templates, or have my helpdesk copy/paste the info into
Use-case 1: Provisioning User Accounts For New Employees With The Same Department In The Active Directory Easily
Any organization would love to provision user accounts, with a few clicks, for new joinee's in a department. All accounts may differ with name but have a similar value on department, title, company, etc. Through User Creation Templates in ADManager Plus, you can pre-fill AD fields available on the UI and efficiently utilize them during creation. Step 1: Kindly go to AD Mgmt --> User Management --> User templates --> User Creation templates. Step 2: Click on Create New Template. Step 3: Create a new
ADManager Plus rolls out build 6380
ADManager Plus build 6380 (June 2016) We are delighted to announce the release of ADManager Plus 6380 build with PPM. Please find the new feature,enhancements and fixes included in this build, New Features: Move contacts: You can now move contact objects from one container (organizational unit) to another. As per your need, you can: - Move a single contact. - Move multiple contacts at a time. - Use CSV import to move contacts in bulk. Copy schedule: This feature simplifies the creation of
How can we view the custom script result status in ADManager plus.
I have a User modification template which trigger a custom script that is a VBS script. When we click "Update user" the script run and does its job fine(Which in this case is to disabled the user and move it to another OU) . But i have error handling in my script and i want to be able to show the technician a confirmation that everything goes fine or if the script failed in some point if for whatever reason it happen. AD Manager seems to report a failure only when the script does not start at all
How do I delegate distribution list management to HR Role
Hi folks, I'm relatively new to ADManager, and I'd like to be able to delegate distribution list modification to the HR role. How can I go about doing this? Thanks, Adam
Next Page