When was the last time you checked to see if your Active Directory user accounts matched your HRIS? What about a quick check to see if everyone had the correct department, phone number, or if they even had a mobile phone listed?
There are obvious security advantages to having the correct accounts have access to the network. There is nothing worse than having an ex-employee still have an Active Directory user account. Well, the only thing worse I can think of is an ANGRY ex-employee with a user account. You have to get them out of Active Directory.
What about data integrity in Active Directory? Why is that important? The obvious answer is employee productivity. If I have to get ahold of Joe in accounting from the Iowa office, it is pretty important that I can find his email address and phone number. If I can’t remember his last name, it is also pretty helpful to be able to search by department.
So, how do you do it? It is fairly easy with two methods, that really should be used in tandem. Synchronization and self service. HRIS is almost always the authoritative source for data, run jobs that synchronize the backend database with Active Directory. If other important bits of data are elsewhere (my favorite absurd example is shoe size), synchronize that DB/spreadsheet to Active Directory. Heck, maybe run the job both ways and put shoe size in the HRIS.
And you can never forget your most important source of identity information: the user whose identity you care about. Give them input into Active Directory with a self service solution. Be sure to avoid the most common pitfalls in AD self service. These users can update information that nobody knows, shoe size, mobile phone number, et cetera.
Now that you’ve read this far, here’s Imanami’s way of helping this situation. Download three modules of GroupID: 1) Reports, 2) Synchronize, & 3) Self Service. GroupID Reports will give you an idea of the shape that Active Directory is in, it is a free tool that is yours to keep. GroupID Synchronize and Self Service are free 30 day trials that should help you get things sorted out.
Imanami offers full technical support during the evaluation and can ensure that it helps you solve this problem. Take a test drive and see how much better accurate Active Directory data is.
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.