Active Directory User Interface
Only YOU can prevent forest fires... or help find a decent user manager for Active Directory.
I’ve run across a problem, and I’m hoping our loyal and brilliant ForeverGeek readers can come up with a solution.
I have an Active Directory setup, and I need a better management tool for it. The problem is, it’s not a typical users and groups setup; we have no problem with those. The application was set up with an “Applications” folder, inside which are a number of apps… so, “MyApp,” for example. Inside MyApp are app_functions, app_properties, app_roles, and app_users. The app_roles items have a property called “member” which contains one or more references to items in app_properties. The app_users items have “function”, “role”, and “property” properties, which contain 0 or more references to items in the appropriate matching sections. With me so far? I know this isn’t terribly standard.
Right now, we have a Java-based interface that was written for us to manage users. It’s a 3-pane window, with Roles on the left, Users on the right, and in the middle can be either Functions or Properties. We can assign Functions to either Roles or Users; Properties and Roles can be assigned only to Users. A User can have multiple Roles, but only one copy of each; they can have multiple properties, including more than one of each (for example, one property might be “locationID” and they might have 5 of them assigned).
The tool does the job, but it doesn’t scale well for a couple of reasons. First, there’s no sorting. At all. Stuff is pulled out in whatever order AD stores it internally, which seems to be fairly random. And while there’s a search, it doesn’t actually do any good… if I search JoeBlow, it shows him if he’s in there, but that’s all. I can’t edit his listing or anything from the search interface. Also, there’s no decent reporting (I can’t say “show me everyone who is in role ‘Developer’” or “show me everyone who has function ‘MyFunction’”), and no logging at all of usage of the tool, so we have no idea who’s doing what, when… and best of all, there’s only one user account, so even if there was logging, it wouldn’t be terribly useful. There are other little bugs, minor annoyances, but these are the primary functional issues from which one can derive what I’m looking for.
So, there’s my problem… does anyone have any suggestions? And no, we can’t switch to a different environment and can’t change how the system is set up… open source or commercial is fine, but it has to run on Windows. Thank you in advance for your help.