User provisioning is a tough task in any IT environment of a reasonable size. Both new employees and the IT department can suffer from time delays, human errors, overcomplicated workflows, etc. It can take up to a full working day (often even more than that) to get a new user fully set up. In bigger companies with many employees coming and going every single day it all adds up and translates to huge cost losses. Fortunately, there are ways to avoid that. And here’s how.
The Challenge
The challenge is to minimize time delays during user provisioning. This includes speeding up processes like getting personal data, such as name, surname, job title, department, etc. and setting up user accounts, so that newly coming employees can start working ASAP.
Very often the path it takes information to travel from HR to IT is ridiculously overcomplicated. It’s hard to imagine how many steps and people can be involved in such simple and straightforward operation. So if you can simplify it as much as possible, that can reduce the complexity of the whole system and therefore save valuable time for everybody.
The Solution
CSV + PowerShell
One of the simplest yet efficient ways that you can improve the transfer of user data between HR and IT is using CSV files.
You need the HR department to output a standardized CSV file with all the needed information about new employees. This can be achieved in many ways, starting from filling in tables in Excel (not the best idea) to configuring the HR system to spit out CSV files of needed format.
Then you can import new users from CSV to Active Directory using a PowerShell script. The complexity of it will vary as you will add your own provisioning procedures, but the basic script that you will need will look something like this:
Import-Module ActiveDirectory
$file = "\\SERVER\Share\users.csv"
$targetDN = "CN=Users,DC=domain,DC=com"
$importedUsers = Import-Csv $file
foreach ($user in $importedUsers)
{
$user.Password = ConvertTo-SecureString -AsPlainText $user.Password -Force
$user.Enabled = [System.Boolean]::Parse($user.Enabled)
$user | New-ADUser -Path $targetDN
}
CSV file format used with the script:
Now, instead of manually provisioning every single user in ADUC, you can just execute you PowerShell script and have all new users in the system in one go.
The Improved Solution
CSV + PowerShell + Scheduled Task
Importing users from CSV with PowerShell reduces provisioning of multiple users to just one action. But is there a way to reduce this number even more?
Yes, there is. You can schedule your script to run periodically. If there are new users supplied via a CSV file, it will grab them and create accounts in Active Directory. So theoretically it all requires no actions from you at all. You just set things up and that’s it. All that is needed from you is to carefully monitor the system and fix things when they go wrong.
The Best Solution
Adaxes
Despite the fact that we have come up with a solution that literally requires no actions from you at all, it turns out that in the real world things might not add up together that well. This means that there still might be space for improvements.
Here’s where Adaxes comes into play. There are several features that can help you in importing new users in bulk using a CSV file:
- Proper provisioning. Adaxes allows you to automate practically any provisioning procedure, such as adding user to groups, allocating to OU, creating Exchange mailbox, etc. It is also possible to provision different users in a different way, based on criteria like department or job title. The great thing about Adaxes is that it can be completely separate from importing new users from CSV. This means that irrespective of the way new accounts are created, all provisioning procedures will be applied in a standardized manner, no matter how you create new users. Thus you can be sure that new users are properly set up at all times.
- Smarter Scheduling. With Adaxes you can significantly improve the scheduling of your import script. It allows you to control all your scheduled tasks from a single place making it much easier to manage them. Adaxes also doesn't tie itself to any of the DCs, so that scheduled tasks can run smoothly throughout all your environment, providing fault tolerance and load balancing that your environment deserves.
- More than just provisioning. Adaxes allows you to not only improve provisioning procedures with the help of CSV files, but also do any other operations that include taking many users in bulk, such as deprovisioning of users who are about to leave, updating users, etc.
Here are some examples of how Adaxes improves importing new users from CSV files:
Conclusion
Reducing time delays by importing newly coming users in bulk is a good idea for any IT department. It can bring significant advantages for everybody who is involved in the process. However, when it comes to the question, how far can you go along the path of improvements and polishing the solution you will utilize, it all depends on the size of your environment and the amount of time you are currently wasting.
You have to make a decision, how far do you want to take the automation based on what your company requires. But starting to move in that direction in the first place is definitely a no-brainer.