ESR/AD INTEGRATION & QUEST ACTIVE ROLES SERVER Rotherham Primary Care
9 Slides259.17 KB
ESR/AD INTEGRATION & QUEST ACTIVE ROLES SERVER Rotherham Primary Care Trust Derek Stowe IT Infrastructure Manager
Introduction to the Trust Rotherham Nr Sheffield Serves a population of approx 248,000 1850 full/part time staff Microsoft Windows 2003 AD/Exchange Microsoft XP/Vista Desktop Touchpaper ITBM Service Desk SMS (SCCM)/SCOM/WSUS/Forefront Virtual Server environment Clustered SAN technology
Specific IT Challenges Security of the Domain Ensuring users have the correct access Ensuring users have timely access Ensuring accounts are up to date Time taken for account changes i.e. name change Lack of information from HR Lack of information from department managers
IT Challenge for which we deployed the solution Account creation could take anything from 3 days to 2 weeks. Accounts existed that were up to 2 years old for employees that had left or moved Very confused and messy paper trail Time spent chasing information Massive data overhead (profiles and home directories)
Considerations ESR was being introduced across the NHS Integration into current Active Directory and supplemental systems Active Directory access needed policy control Easy to use interface for 1st line support Full automation of PCT employee accounts including de-provisioning Cost and knowledge of company chosen Support knowledge and ease of self support
The Solution Quest ARS and Password Manager Other solutions considered from leading companies Currently used and using Quest toolsets Quest had a current solution that could be adapted to our needs Very good knowledge of NHS current deployments and relationship with CfH Excellent sales/installation and after sales service
The Result Full integration of ESR data with AD Auto account provision/de-provision Auto assignment to groups Full reporting and auto creation of user’s welcome letter Easy management user interface Full ROI expected within 9 months No staff input required apart from incidental accounts i.e. temporary accounts so up to 20hrs per week saved across departments (est) NO DOWNTIME
Lessons learned Reliance on 3rd party to send correct data format on time Introduce procedures for managers prior to installation Ensure availability of staff for training Watch and learn Use a company you trust and has knowledge of the NHS Allow for bespoke projects to run over time
Summary/Conclusion By deploying Quest Active Roles and Password Manager we achieved full automation of our account management on AD and passed the onerous task of password resets to the end user. This means we have a fully secure and up to date AD which requires very little account maintenance. Time and money saved all round with the added bonus of full security
