Hi all,
Moving forward, MIM (Microsoft Identity Manager) will be used for the creation of all staff and student user accounts, and attributes for users will be pulled from Banner. I have listed some of the AD attributes that will be controlled by MIM; please keep in mind that attributes controlled by MIM must be changed in Banner because changes made directly to these attributes in AD will be overwritten during the next sync cycle (in approximately 3 minutes or less).
As you may guess, the introduction of MIM will change the onboarding and offboarding processes for staff accounts. Changes to these processes is documented on the support site in the solutions section.
- SamAccountName/Username
- This field can be found in the Third Party ID field in GOATPAD/GOATPAC
- Currently, changes to this field do not change the person's username in AD. If a username needs to be changed, it has to be done in both AD and Banner.
- User Principal Name (UPN)
- This is the User Logon Name field located on the Account tab in AD
- This always follows the format username@nwfsc.edu
- First name, Last name, and middle initial
- These attributes are controlled by the fields located on the Current Identification tab in SPAIDEN/PPAIDEN
- If a user would like for their first name to appear differently in AD, you can put the name they requested into the Preferred First Name field. All other name changes are handled by HR/student services.
- E-Mail address, target address, and proxy addresses
- The primary email address (This is the email address on the General tab in AD. It is also what appears on the user's contact card in Outlook) is pulled from the E-mail tab in SPAIDEN/PPAIDEN
- In order for the email to be synced, it must be preferred and be of the college (COL) type. If there is no email that fits the criteria, it falls back to username@nwfsc.edu
- Target address
- This will always follow the format SMTP:username@livenwfsc.onmicrosoft.com
- Proxy addresses
- Similarly to the target address, proxy addresses are based off the username defined in banner, but MIM has been programmed to include any proxy addresses that already exist in AD
- msExchHideFromAddressLists
- This attribute is false when the user's employee status is Active in Banner, otherwise it is true
- This attribute tells Outlook whether to hide users from searches in the Global Address List
- A user's employee status can be found in the Employee Status field on PEAEMPL
- OU (location of the user) and Canonical Name (CN)
- A user's location and CN is determined by a combination of employee status, student status, and username in Banner. Moving users is no longer necessary and not recommended as you may end up fighting MIM over the user's location.
- An example of the CN of a user can be found below. In this case, the CN for my user account is "Parmer, Andrew (parmera)"
- NWFSC-SPRIDENID, NWFSC-ISO, NWFSC-PIDM, NWFSC-UDCID
- These are 4 custom attributes that were created in AD to house other info about a user
- These attributes cannot be read by default, currently only Z accounts with Active Directory privileges can read these
- NWFSC-SPRIDENID is the SPRIDEN ID of a person (E.g. N19020085)
- NWFSC-ISO is the ISO card number which is created by OneCard and used by PaperCut
- NWFSC-PIDM is the PIDM (or unique ID) of the person in Banner
- NWFSC-UDCID is the UDC ID field which is used for authentication to Banner applications
- The home and pager fields in AD are no longer being used and have been replaced by the custom attributes listed above
- Home directories
- Home directory creation is a little more complex but will still be automated in this new system
- All new user accounts will have home directories created at \\nwfsc\storage\users\username
Some of these changes may be confusing or hard to explain over text; so if you have any questions please let me know.
Thanks,
Andrew Parmer
System Administrator
Northwest Florida State College
(850) 729-5330