Monday, January 5, 2009

PrimalForms & PowerShell AD Tool

We are in the middle of a file migration and our policy dictates that as our file shares are moved they need to have the following structure:
  • Access.Neurosurgery.Public.Change
  • Access.Neurosurgery.Public.Full
  • Access.Neurosurgery.Public.Read
So every time a new group is requested, the admin has to create 3 distinct groups, assign the scope & type and add the "Managed By" username. Not hard, but time consuming. This looked like a great candidate for PrimalForms!

The UI is pretty straight forward. It asks for the group name, the scope and the owner.

When the Verify Group button is pressed, we perform a few checks before we create the groups. First we check to see if there are similar groups. In this case, the panel is now visible and the status bar indicates that like groups already exist.

Once we verify the group name, we need to verify that the entered group owner is in fact a legitimate AD object.

In this case, the user is not valid. Once all the data is verified, we give the user one last chance to cancel before the groups are created.

That's about it!



Jeffery Hicks said...

Very nice. I haven't had a chance to look at your code, but from the forms it looks like you are hard coding the AD container where the group lives. It would be a nice double-check to display the full path and even better to give the admin a chance to change it. If your AD ever gets re-org'd you'd have to modify your script.

Finally, I think you should punch it up with a school logo or graphic. Give it an identity and admins will have a sense of ownership.

Wes Stahler said...

Thanks for the suggestions Jeff! I will incorporate the changes and will give some thought to branding.

Have fun in CA!