Hi,

I am not very familiar with Active Directory capabilities; my question
is:
1. Is it possible to configure Active Directory in a trigger-like mode where
if a new user is created AD would add this info into a csv file or SQL
Server table, or if a user was deleted from AD it would also export this
info somehow. We would like to use this info in other systems and to build
that kind of automation.
2. If this is not possible, are there any built-in tools in AD that could be
scheduled to run automatically to export certain fields for all the users in
AD into a csv file or SQL Server table?

Please let me know if my questions are not clear; essentially I am looking
for an automated solution where other systems would be synchronized with AD
info when users are added/deleted from AD, so other systems would be aware
of that.

Thank you,

Vadim

Re: Active Directory interoperability with other systems. by Herb

Herb
Wed May 07 16:50:26 PDT 2008


"Vadim" <vadim@dontsend.com> wrote in message
news:u40YUUJsIHA.3680@TK2MSFTNGP05.phx.gbl...
> Hi,
>
> I am not very familiar with Active Directory capabilities; my question
> is:
> 1. Is it possible to configure Active Directory in a trigger-like mode
> where if a new user is created AD would add this info into a csv file or
> SQL Server table, or if a user was deleted from AD it would also export
> this info somehow. We would like to use this info in other systems and to
> build that kind of automation.

No, not directly. YOU could write an ADSI or LDAP script to do
something similar, but why would you wish to put the AD information
in ANOTHER database and then maintain the information in (at least)
2 places.

> 2. If this is not possible, are there any built-in tools in AD that could
> be scheduled to run automatically to export certain fields for all the
> users in AD into a csv file or SQL Server table?

Not AD precisely, but scheduling is part of the OS (and SQL Server too).

What are you REALLY trying to accomplish? That is, what would having
this SQL Server database really do FOR YOU?

You probably will be able to just USE AD for that purpose.

> Please let me know if my questions are not clear; essentially I am looking
> for an automated solution where other systems would be synchronized with AD
> info when users are added/deleted from AD, so other systems would be aware
> of that.

You could theoretically turn on auditing and use eventtrigger to create an
automatic (non-polled) system.



Re: Active Directory interoperability with other systems. by Vadim

Vadim
Wed May 07 19:47:23 PDT 2008

Herb,

Thank you for the reply.

We are building a bridge between a 3rd party system and AD; the 3rd party
system has to maintain its own list of users for several reasons:
1. There will be some external users in the system that might not
necessarily be in AD (AD will only maintain records for internal users).
2. The 3rd party system is designed to also work at companies where no AD is
installed.
3. If users are removed from AD, this does not necessarily mean they should
be removed from the 3rd party system, but AD should notify the other system
that users were removed.
4. There are also issues of resources where AD admins won't have time to deal
with the issues of another system.
etc....

Vadim
"Herb Martin" <news@learnquick.com> wrote in message
news:eOi%23g0JsIHA.3780@TK2MSFTNGP03.phx.gbl...
>
> "Vadim" <vadim@dontsend.com> wrote in message
> news:u40YUUJsIHA.3680@TK2MSFTNGP05.phx.gbl...
>> Hi,
>>
>> I am not very familiar with Active Directory capabilities; my
>> question is:
>> 1. Is it possible to configure Active Directory in a trigger-like mode
>> where if a new user is created AD would add this info into a csv file or
>> SQL Server table, or if a user was deleted from AD it would also export
>> this info somehow. We would like to use this info in other systems and to
>> build that kind of automation.
>
> No, not directly. YOU could write an ADSI or LDAP script to do
> something similar, but why would you wish to put the AD information
> in ANOTHER database and then maintain the information in (at least)
> 2 places.
>
>> 2. If this is not possible, are there any built-in tools in AD that could
>> be scheduled to run automatically to export certain fields for all the
>> users in AD into a csv file or SQL Server table?
>
> Not AD precisely, but scheduling is part of the OS (and SQL Server too).
>
> What are you REALLY trying to accomplish? That is, what would having
> this SQL Server database really do FOR YOU?
>
> You probably will be able to just USE AD for that purpose.
>
>> Please let me know if my questions are not clear; essentially I am
>> looking for an automated solution where other systems would be synchronized
>> with AD info when users are added/deleted from AD, so other systems would
>> be aware of that.
>
> You could theoretically turn on auditing and use eventtrigger to create an
> automatic (non-polled) system.
>



Re: Active Directory interoperability with other systems. by Herb

Herb
Wed May 07 23:45:29 PDT 2008


"Vadim" <vadim@dontsend.com> wrote in message
news:uLsyiMLsIHA.3604@TK2MSFTNGP03.phx.gbl...
> Herb,
>
> Thank you for the reply.
>
> We are building a bridge between a 3rd party system and AD; the 3rd party
> system has to maintain its own list of users for several reasons:

Where does it need to maintain this list? There is no reason to introduce a
THIRD place, AD, SQL, and the third party system.


> 1. There will be some external users in the system that might not
> necessarily be in AD (AD will only maintain records for internal users).

You could add those to AD if you need to do so.

> 2. The 3rd party system is designed to also work at companies where no AD
> is installed.

> 3. If users are removed from AD, this does not necessarily mean they
> should be removed from the 3rd party system, but AD should notify the
> other system that users were removed.
> 4. There are also issues of resources where AD admins won't have time to
> deal with the issues of another system.
> etc....

Still nothing above indicates a need for a THIRD (SQL) system.
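
An added example, not part of the original thread: the scheduled-export (polled) approach discussed above, sketched as a Python script that compares two CSV snapshots and reports added, removed and renamed users for the other system to act on, without deleting anything itself. The CSV layout, sample rows, function names and the 50% threshold are assumptions constructed for illustration; objectGUID and sAMAccountName are standard AD attributes.

```python
import csv
import io

# Constructed sample exports (not real data): yesterday's and today's snapshot.
PREVIOUS = """objectGUID,sAMAccountName
11111111-0000-0000-0000-000000000001,alice
11111111-0000-0000-0000-000000000002,bob
11111111-0000-0000-0000-000000000003,carol
11111111-0000-0000-0000-000000000004,dave
"""
CURRENT = """objectGUID,sAMAccountName
11111111-0000-0000-0000-000000000001,alice
11111111-0000-0000-0000-000000000002,robert
11111111-0000-0000-0000-000000000004,dave
11111111-0000-0000-0000-000000000005,erin
"""

def load_snapshot(text):
    """Index an export by objectGUID, which stays the same when a user is renamed."""
    return {row["objectGUID"]: row for row in csv.DictReader(io.StringIO(text))}

def diff_snapshots(previous, current, max_removed_ratio=0.5):
    """Return (added, removed, renamed) logon names between two snapshots.

    An empty export, or one missing more than max_removed_ratio of the known
    accounts, is treated as a failed export and raises instead of reporting
    removals to the downstream system.
    """
    removed_ids = previous.keys() - current.keys()
    if previous and (not current
                     or len(removed_ids) / len(previous) > max_removed_ratio):
        raise ValueError("current export looks truncated; not reporting removals")
    name = lambda snap, guid: snap[guid]["sAMAccountName"]
    added = sorted(name(current, g) for g in current.keys() - previous.keys())
    removed = sorted(name(previous, g) for g in removed_ids)
    renamed = sorted((name(previous, g), name(current, g))
                     for g in previous.keys() & current.keys()
                     if name(previous, g) != name(current, g))
    return added, removed, renamed

if __name__ == "__main__":
    added, removed, renamed = diff_snapshots(load_snapshot(PREVIOUS),
                                             load_snapshot(CURRENT))
    print("added:", added)
    print("removed (notify only):", removed)
    print("renamed:", renamed)
```

Keying on objectGUID rather than the logon name keeps a rename from showing up as a deletion plus a new account in the other system.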