We are currently a Google Apps shop and also have a number of other applications that we need to match the user in AD to. In addition, we have two forests that Adaxes manages, and one of those forests is multi-domain. Right now, I want to add a unique ID to every user that will be used to connect them to every other system and maintain that connection even if their account is re-created in another domain or forest. What I want to know is: what is the best way for Adaxes to create these unique IDs? We were thinking of using the serialNumber attribute to store these IDs.
I had considered having PowerShell generate a 20-digit random number, verify that it is unique in the system and, if so, assign it to the user. We maintain about 3000 users.
--The ID would never be changed once assigned to the user account and would always be associated with the user. (The payroll ID (employeeID) would not work here, since HR does not create that until payroll, which could be up to two weeks after the user is created.)
--Later we would like to create custom commands in Adaxes that would help us move a user from one domain to another. (It would not be important that they maintain their domain identity, so taking the data from their current AD account and using it to create a new one would be perfect. They would need to keep the unique ID to maintain the link between all the systems.)
So for example:
1. User account is created in Adaxes and provided a unique ID
2. A Google mailbox is created and an attribute is set with the unique ID from AD.
3. User accounts are also created in other applications and the unique ID is used to map them back to the user in AD
If later there is a need to move the user from one domain to another, the unique ID would be used to maintain their connection with the Google mailbox.
I am looking forward to recommendations on the best way to create and assign the unique IDs as well as any feedback on our idea.
Thanks in advance, everyone.
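The scheme sketched in the post (generate a 20-digit random number, confirm it is not already assigned anywhere, then write it to serialNumber) can be written as a small PowerShell routine. The following is an added example and not code from the post or from Adaxes; it uses the RSAT ActiveDirectory module rather than the Adaxes script context, and the domain names in `$DomainsToCheck` are constructed placeholders for the domains in both managed forests.

```powershell
# Added example (not from the original post or from Adaxes): assign a random
# 20-digit ID to a user's serialNumber attribute, checking every managed domain
# for an existing holder first. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Constructed placeholder list: every domain, in both forests, that the ID must be unique across.
$DomainsToCheck = @('corp.example.com', 'child.corp.example.com', 'other-forest.example.net')

function New-RandomNumericId {
    param([int]$Length = 20)
    # Use the OS cryptographic RNG rather than Get-Random: the value is then
    # unpredictable and does not depend on a process-level seed.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $sb  = New-Object System.Text.StringBuilder
    $buf = New-Object byte[] 1
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        # Rejection sampling: 250 = 25 * 10, so bytes below 250 map to 0-9 without modulo bias.
        if ($buf[0] -ge 250) { continue }
        $digit = $buf[0] % 10
        # No leading zero, so the ID keeps its full width even if a downstream
        # system stores it as a number instead of a string.
        if ($sb.Length -eq 0 -and $digit -eq 0) { continue }
        [void]$sb.Append($digit)
    }
    $rng.Dispose()
    return $sb.ToString()
}

function Test-IdInUse {
    param([Parameter(Mandatory)][string]$Id, [string[]]$Domains = $DomainsToCheck)
    # The ID is interpolated into an LDAP filter, so refuse anything that is not pure digits.
    if ($Id -notmatch '^\d+$') { throw "ID must be numeric: '$Id'" }
    foreach ($domain in $Domains) {
        # serialNumber is multi-valued in the AD schema; an equality filter matches any of its values.
        $hit = Get-ADUser -Server $domain -LDAPFilter "(serialNumber=$Id)" -ErrorAction Stop |
               Select-Object -First 1
        if ($hit) { return $true }
    }
    return $false
}

function Set-UniqueUserId {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UserDomain,   # domain the account lives in
        [string[]]$Domains = $DomainsToCheck
    )
    $user = Get-ADUser -Server $UserDomain -Identity $SamAccountName -Properties serialNumber
    # Never overwrite an ID that is already assigned: the whole point is that it is permanent.
    $existing = $user.serialNumber | Select-Object -First 1
    if ($existing) { return [string]$existing }

    do { $id = New-RandomNumericId } while (Test-IdInUse -Id $id -Domains $Domains)

    Set-ADUser -Server $UserDomain -Identity $user -Replace @{ serialNumber = $id }
    return $id
}

# Usage (constructed sample account):
# Set-UniqueUserId -SamAccountName 'jdoe' -UserDomain 'corp.example.com'
```

Two things worth knowing when adapting this. First, with 3000 users drawn from a space of 10^20 values, the chance of a random collision is on the order of 10^-14, so the uniqueness search is really a guard against IDs entered by hand (or copied during a migration), not against the generator; that also means the check-then-write race between two simultaneous account creations is not a practical concern. Second, when the logic runs inside an Adaxes business rule or custom command, the target user comes from the Adaxes script context rather than from `Get-ADUser`, and the early "already has an ID" return is what makes the domain-to-domain move idea safe: copying serialNumber from the old account to the new one and then running the routine leaves the existing value untouched.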