Active Directory management & automation

Central YMCA Case Study

Central YMCA

Central YMCA. Founded in 1844, we are the UK's leading health and fitness charity and the world's first YMCA. Changing lives for the better through a unique blend of education, training and campaigning, we're here to make others happier, healthier and more active.

Challenge

Challenge 1: Fully automate the membership of security groups and distribution lists based on Active Directory properties such as job title, address and hierarchy.

Challenge 2: Enhance or fully automate the provisioning of Office 365 accounts without the need to use the Office 365 Admin Portal or for staff to be PowerShell experts.

Challenge 3: Enhance Office 365 changes and make them more efficient, such as adding delegate access to all mailboxes or adding the online archive option to the selected AD accounts, without needing CSV files or PowerShell in its raw form.

Challenge 4: Ensure certain AD fields are mandatory depending on OU positioning.

Solution

Challenge 1: Business Rules were implemented to add AD accounts to groups based on other AD properties. This was further enhanced by using the Adaxes PowerShell commands to remove accounts from groups. Using a single (but long) PowerShell script copied from Adaxes tutorials, in combination with point-and-click Business Rule actions, all group membership is fully automated each night. To achieve the scheduling, an Adaxes scheduled job is run that updates the PO Box field of AD accounts with a blank space, thus triggering an account change, which triggers the Business Rule.

Challenge 2: Office 365 is supported natively by Adaxes. Using the Custom Commands within the application, users can be Office 365 enabled and then assigned an E2 or E3 license in one click and in under a few seconds, without the need to enter the Office 365 Admin Portal.

Challenge 3: Using a PowerShell command found on Microsoft's website, a Custom Command was created that enables the online archive, opens the calendar to all other employees and adds the IT Security Groups as delegates to the account. All this can happen in a couple of clicks and takes only a few seconds. Bulk selecting accounts enables the command to be run on all of them.

Challenge 4: Property Patterns were created that make the Employee ID element mandatory and require a numerical value between four and eight digits in length. The contents of this field are copied to the Employee Number element too. The Description field is automatically filled in and automatically updated upon a change. The contents of this field are a concatenation of three other fields, which makes them consistent and usable for reporting purposes.
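The nightly reconciliation described under Challenge 1, sketched as an added example (not the Adaxes tutorial script and not Central YMCA's code): it derives the desired membership of each group from account properties and plans both additions and removals. The group names, account records and the Get-MembershipDelta function are hypothetical and constructed for illustration; it uses plain PowerShell rather than Adaxes Business Rules.

```powershell
# Added example: every name and record below is constructed for illustration.

# Each rule maps a group to a predicate over account properties.
$Rules = @(
    @{ Group = 'DL-Fitness-Instructors'; Test = { param($u) $u.Title -eq 'Fitness Instructor' } }
    @{ Group = 'SG-London-Staff';        Test = { param($u) $u.City  -eq 'London' } }
)

# Constructed stand-in for the directory query (Get-ADUser in a live run).
$Users = @(
    [pscustomobject]@{ Sam = 'asmith'; Title = 'Fitness Instructor'; City = 'London' }
    [pscustomobject]@{ Sam = 'bjones'; Title = 'Receptionist';       City = 'London' }
    [pscustomobject]@{ Sam = 'cpatel'; Title = 'Fitness Instructor'; City = 'Leeds'  }
)

# Constructed current membership (Get-ADGroupMember in a live run).
$Current = @{
    'DL-Fitness-Instructors' = @('asmith', 'bjones')   # bjones has since changed role
    'SG-London-Staff'        = @('asmith')
}

function Get-MembershipDelta {
    param([object[]]$Users, [hashtable[]]$Rules, [hashtable]$Current)

    # An empty account list usually means the query failed; planning removals
    # from it would empty every rule-managed group.
    if (-not $Users) { throw 'No accounts returned; refusing to plan removals.' }

    foreach ($rule in $Rules) {
        $desired = @($Users | Where-Object { & $rule.Test $_ } | ForEach-Object { $_.Sam })
        $actual  = @($Current[$rule.Group] | Where-Object { $_ })

        foreach ($m in $desired) {
            if ($m -notin $actual) { [pscustomobject]@{ Group = $rule.Group; Action = 'Add'; Member = $m } }
        }
        # Removals are what keep access from outliving a job or location change.
        foreach ($m in $actual) {
            if ($m -notin $desired) { [pscustomobject]@{ Group = $rule.Group; Action = 'Remove'; Member = $m } }
        }
    }
}

# Review the plan before applying it; in a live run each row would map to
# Add-ADGroupMember or Remove-ADGroupMember, first executed with -WhatIf.
Get-MembershipDelta -Users $Users -Rules $Rules -Current $Current | Format-Table
```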

Benefits

Challenge 1: This saves several hours per month of IT administration time. The biggest benefit is that group membership is 100% accurate at all times and never more than 24 hours out of sync.

Challenge 2 and 3: Saves at least 15 minutes per account created and allows staff to spend their time on better things.

Challenge 4: While only a little time has been saved per account, Adaxes more importantly ensures consistency and accuracy - something that IT people in a rush can lose sight of.

Based on the past year, we have had 600 account changes of varying description. We have also had over 50 starters. Assuming just a five minute saving for the account changes, which are now almost a hands-off affair, up to 50 man-hours have been saved. With regard to the new starters, the saving of 15 minutes has equated to roughly 12 man-hours saved. Time savings aside, it is the quality and consistency of our AD data that is most beneficial.

Nick Gatt
Head of ICT