WIN2K
Directory structure diagram; labels recovered from the figure:
Containers: AllUsers, Students, NON-Students, NON-ACTIVE-USERS, STD, STF, AllGroups, Security Groups, Grouping Groups, Alphabetical Groups, Courses groups, FACULTIES-STD, DEPARTMENTS-STF, MAJORS-STD
Name templates: %FACULTY NAME%, %MAJOR NAME%, %GRAD FLAG%, %DEPARTMENT NAME%, Students%first char%, %Faculty name%-%Major%-%GraduateFlag%, %Faculty name%-std, %Department name%-stf, %course_code%-%course_number%-%section_number%-%crn%-%term_code_key%-%instructor_email%
Account annotations: ACTIVE STAFF ACCOUNTS, DISABLED STAFF ACCOUNTS, DISABLED STUDENT ACCOUNTS
Groups: MCAllinterns, MCAllResidents, MCAllStaff, notstudents, prmedicine, Graduates, AllACADstaff, undergraduates, students
Adsync.exe: scheduled job at a 4-hour interval, supplied with the number of days for which to query NETDB as arguments.
Create user buffer list from oracle NETDB:
ID, login, first_name, last_name, PERS_TYPE, DEPT_COLL_DESC, MAJOR_DESC, active, box, extension, category, BARCODE, graduate, EMAIL, employment_date, PROLE, MANAGED_BY, LOCATION, coll_code, old_uid
Open the buffer user list and process it line by line:
While Not buffer user list At End Of file
    Each line is split into an array, the values are assigned from the array to the variables, and global indexes are reset
    Fix special and empty conditions: take care of department and major names that contain non-allowed characters (,/().: ), and of empty department names, major names, graduate flag and cost centers
    Check if Username <> BLANK
        False: Log event into No username log
        True: CHECK if user already exists in AD
            True: update_existing_user
            False: CHECK if Old User id from oracle <> BLANK
                False: create_new_user
                True: CHECK if Old User id already exists in AD
                    True: rename_user
                    False: create_new_user
    If an error occurred in this function itself: Call the adsi error msg generating function
    Log event into processed users log
Loop
If any called function has generated an error
    True: Send email to aubede containing the error
    False: Send email to aubede
Exit
create_new_user
Set MAIN variables:
    UserCn = "CN=" + Username
    UserPrincipalName = Username + "@win2k.aub.edu.lb"
    IsAccountFirstCreation = "Y"
If User New State is set to Active
    True: SetuserOUforactive
    False: SetuserOUfordisabled
setUserhomepath
setUserinfo
If User New State is set to Active
    True: createnewhomefolder, setUsergroups, Set user.AccountDisabled = False
    False: Set user.AccountDisabled = True
user.setinfo
If Error occurred, or on error in a step above
    True: Call adsiErr("create_new_user")
Log event into newly created users log
EXIT
update_existing_user
Set UserCn = "CN=" + Username
If user has not been renamed
    True: SET UserAdsPath & OldHomeDriveLocation & intUAC to values retrieved from active directory representing current status and information; also SET current_activ_stat = true if user is disabled
Is User New State set to Active
    True: SetuserOUforactive
    False: SetuserOUfordisabled
setUserhomepath
setUserinfo
Is User New State set to Active
    True: createnewhomefolder
If PersonType is student
clearUsergroupinggroups (clears the user's group membership to any group in ou=grouping groups,ou=security groups)
clearUseralphagroups (clears the user's group membership to any group in ou=alphabetical groups,ou=security groups)
If User New State is set to Active
    True: setUsergroups, Set user.AccountDisabled = False
    False: Set user.AccountDisabled = True
user.setinfo
If Error occurred, or on error in a step above
    True: adsiErr("update_existing_user")
setUserhomepath
If PersonType = students
    NewHomeDriveLocation = "\\win2k.aub.edu.lb\Files\Home" & UCase(UserNameFirstChar) & "\" + Username
    FTPRootdir = "\\win2k.aub.edu.lb\Files\Home" & UCase(UserNameFirstChar) & "\"
Else If PersonType = Intern or resident
    NewHomeDriveLocation = "\\win2k.aub.edu.lb\files\INT-RS Homes\" + Username
    FTPRootdir = "\\win2k.aub.edu.lb\files\INT-RS Homes\"
Else If Category = "M" Then ' AUH staff '
    NewHomeDriveLocation = "\\win2k.aub.edu.lb\files\MC home Folders\" + Username
    FTPRootdir = "\\win2k.aub.edu.lb\Files\MC home folders\"
Else ' AUB Staff '
    NewHomeDriveLocation = "\\win2k.aub.edu.lb\Files\Institutional Data\" + Username
    FTPRootdir = "\\win2k.aub.edu.lb\Files\Institutional Data\"
Createnewhomefolder
If OldHomeDriveLocation <> NewHomeDriveLocation
    If NewHomeDrive does not exist
        Create home folder
        If PersonType is student: Create hidden favorites folder
        sethomefolderpermissions
    If OldHomeDriveLocation <> BLANK and old home folder exists
        Write robocopy command to log file of home transfer list
        Execute robocopy to move content to new home
If user is changing status from disabled to enabled
    If NewHomeDrive does not exist
        Recreate home folder for user, since it was deleted during the cleaning procedure
        If PersonType is student: Create hidden favorites folder
        sethomefolderpermissions
On error in any step: adsiErr("createnewhomefolder")
EXIT
Sethomefolderpermissions
If PersonType = students
    Set admingroup = "allhomeadmins"
Else If PersonType = Intern or resident
    Set admingroup = "MChomeadmins"
Else If Category = "M" Then ' AUH staff '
    Set admingroup = "MChomeadmins"
Else ' AUB Staff '
    Set admingroup = "InstitutionalDataAdmins"
Write xcacls command to log file xcacls.log.txt
Execute xcacls to set appropriate permissions on home folder
On error: adsiErr("sethomefolderpermissions")
EXIT
setUserinfo
Is IsAccountFirstCreation flag set to "Y"
    True:
        Create user in finaloupath
        SET THE FOLLOWING USER PROPERTIES: "samAccountName", "userPrincipalName", "altSecurityIdentities", "Kerberos:" [email protected]"
        Set "msNPAllowDialin" to False
        user.setinfo
    False:
        Set user object to found user path in MAIN, then clear "profilepath"
If AubManager <> "" Then
    True: search AD for the manager's username to get the DN of his ACCOUNT
        Manager username found:
            SET THE FOLLOWING USER PROPERTIES: "homeDirectory", FTPDir", "msIIS-FTPRoot", "HomeDrive", "description", "givenName", "sn" LastName, "displayname", ID", Employment-Date", "AUB-Prole", "AUB-PersonType", "AUB-Location", "mail", "telephonenumber", "postofficebox", "manager"
            user.setinfo
        Manager username not found:
            LOG EVENT invalidmanagerlog
    False:
        SET THE FOLLOWING USER PROPERTIES: "homeDirectory", FTPDir", "msIIS-FTPRoot", "HomeDrive", "description", "givenName", "sn" LastName, "displayname", ID", Employment-Date", "AUB-Prole", "AUB-PersonType", "AUB-Location", "mail", "telephonenumber", "postofficebox"
        CLEAR MANAGER ATTRIBUTE
        user.setinfo
Is IsAccountFirstCreation flag set to "Y"
    True: Set password to random
If error occurred in this function
    True: adsiErr("setUserinfo")
SetuserOUfordisabled
If PersonType = student
    True: Set finaloupath = "OU=STD,ou=NON-ACTIVE-USERS,ou=allusers,dc=win2k,dc=aub,dc=edu,dc=lb"
    False: Set finaloupath = "OU=STF,OU=NON-ACTIVE-USERS,ou=allusers,dc=win2k,dc=aub,dc=edu,dc=lb"
In either branch: Is IsAccountFirstCreation flag set to "N"
    True: Move user account into the finaloupath
If error occurred in this function
    True: adsiErr("SetuserOUfordisabled")
EXIT
SetuserOUforactive
If PersonType = student
    True:
        Set Finaloupath = "OU=" & GraduateFlag & ",OU=" & Major & ",OU=" & Department & ",OU=Students,OU=AllUsers,DC=win2k,DC=aub,DC=edu,DC=lb"
        And set finaluserpath = "LDAP://" & UserCn & "," & finaloupath
    False:
        Set Finaloupath = "OU=" & Department & ",OU=NON-Students,OU=AllUsers,DC=win2k,DC=aub,DC=edu,DC=lb"
        And set finaluserpath = "LDAP://" & UserCn & "," & finaloupath
In either branch: Is there a change in user OU location (finaluserpath <> UserAdsPath)
    True:
        checkousExistense
        Is IsAccountFirstCreation flag set to "N"
            True: Move user account into the finaloupath
If error occurred in this function
    True: adsiErr("SetuserOUforactive")
EXIT
checkousExistense
If PersonType is Staff
    True: check if department OU exists
        True: update OU description = CostCenter/CollegeCode
        False: check if CostCenter/CollegeCode number is in any of the existing OUs' descriptions
            True: rename the OU and associated GROUP to the new department name relevant for this CostCenter/CollegeCode, as this code should be unique
            False: Create Department organizationalUnit with "description" = CostCenter/CollegeCode
    False (student):
        check if faculty OU exists
            True: update OU description = CostCenter/CollegeCode
            False: Create faculty organizationalUnit with "description" = CostCenter/CollegeCode
        check if MAJOR OU exists
            False: Create MAJOR organizationalUnit
        check if graduateflag OU exists (UG, GR, PR)
            False: Create graduateflag organizationalUnit
If error occurred in this function
    True: adsiErr("checkousExistense")
setUsergroups
checkgroupinggroupsExistense
If PersonType is "STUDENT"
    True:
        Add to group CN=(Department) & "-std" in OU=FACULTIES-STD,OU=grouping groups
        Add to group CN=students in ou=grouping groups
        Add to alpha group CN="Students" & (FirstChar in UserName) in ou=alphabetical groups
        Add to group cn=(Department) & "-" & (Major) & "-" & (GraduateFlag) in OU=MAJORS-STD,ou=grouping groups
        CHECK GRADFLAG (UG, GR, PR, Other)
            UG: Add to group CN=undergraduates in ou=grouping groups
            GR: Add to group CN=graduates in ou=grouping groups
            PR: Add to group CN=prmedicine in ou=grouping groups
    False (STAFF):
        Add to group CN=(Department) & "-stf" in OU=DEPARTMENTS-STF,OU=grouping groups
        Add to group CN=notstudents in ou=grouping groups
        Check if user Category = "AUH STAFF" (TRUE / FALSE)
        CHECK PersonType (IT, RS, AC, Other)
        Add to group CN=MCAllinterns in ou=grouping groups
        Add to group CN=MCAllResidents in ou=grouping groups
        Add to group CN=MCAllStaff in ou=grouping groups
        Add to group CN=AllACADstaff in ou=grouping groups
If error occurred in this function
    True: adsiErr("setUsergroups")
checkgroupinggroupsExistense
If PersonType is Staff
    True: check if department group (Department & "-STF") exists in OU=DEPARTMENTS-STF,OU=grouping groups
        False: Create DEPARTMENT group
    False (student):
        check if faculty group (Department & "-STD") exists in OU=FACULTIES-STD,OU=grouping groups
            False: Create FACULTY group
        check if MAJOR group (Department & "-" & Major & "-" & GraduateFlag) exists in OU=MAJORS-STD,ou=grouping groups
            False: Create MAJOR group
If error occurred in this function
    True: adsiErr("checkgroupinggroupsExistense")
EXIT
fix_special_and_empty_conditions
Take care of department and major names that contain non-allowed characters
: ’ / , . ( )
If CostCenterCollegeCode = "": CostCenterCollegeCode = "UNDECLARED"
If PersonType IS STUDENT
    True:
        If GraduateFlag = "": GraduateFlag = "UND"
        If Department = "": Department = "NO COLLEGE DESIGNATED"
        If Major = "": Major = "MAJORLESS"
    False (staff):
        If Major = "": Major = "No major Designated"
        If Department = "": Department = "NO DEPARTMENT SPECIFIED"
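The flowchart takes care of problem characters in department and major names before SetuserOUforactive concatenates them into finaloupath. The sketch below is an added example, not Adsync.exe code: it applies the empty-field defaults and escapes each value per RFC 4514, so a name such as "Arts, Sciences" cannot change the structure of the DN. Assumptions: Python stands in for the VB-style ADSI code, all function names are hypothetical, and "MAJORLESS" is taken to be the student default.

```python
# Added example; function names are hypothetical, not Adsync.exe's own.
BASE_DN = "OU=AllUsers,DC=win2k,DC=aub,DC=edu,DC=lb"  # suffix from the flowchart


def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)        # DN structural characters
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)        # leading '#', leading/trailing space
        else:
            out.append(ch)
    return "".join(out)


def apply_defaults(person_type, department, major, graduate_flag):
    """Empty-field defaults from fix_special_and_empty_conditions."""
    if person_type == "student":
        department = department.strip() or "NO COLLEGE DESIGNATED"
        major = major.strip() or "MAJORLESS"  # assumption: student default
        graduate_flag = graduate_flag.strip() or "UND"
    else:
        department = department.strip() or "NO DEPARTMENT SPECIFIED"
    return department, major, graduate_flag


def active_ou_path(person_type, department, major="", graduate_flag=""):
    """Build finaloupath the way SetuserOUforactive lays it out."""
    department, major, graduate_flag = apply_defaults(
        person_type, department, major, graduate_flag)
    if person_type == "student":
        parts = [graduate_flag, major, department, "Students"]
    else:
        parts = [department, "NON-Students"]
    return ",".join("OU=" + escape_rdn_value(p) for p in parts) + "," + BASE_DN


def final_user_path(username, ou_path):
    """finaluserpath; ADSI also needs '/' escaped inside an ADsPath."""
    dn = "CN=" + escape_rdn_value(username) + "," + ou_path
    return "LDAP://" + dn.replace("/", "\\/")


if __name__ == "__main__":
    ou = active_ou_path("student", "Arts, Sciences", "", "GR")  # constructed input
    print(final_user_path("jdoe", ou))
```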
rename_user
Rename user object to its new CN name
Fix all relevant attributes with the new name: "samAccountName", "userPrincipalName", "altSecurityIdentities"
Check if current home folder exists
    True:
        setUserhomepath
        Check if the new home folder path has changed
            False: Rename the user's folder only
            True: Set the variable OldHomeDriveLocation to the existing current home, then createnewhomefolder
    False:
        setUserhomepath
        Is ActiveFlag = "Y"
            True: createnewhomefolder
Set "homeDirectory" attribute in AD
Connect to oracle NETDB and set the field ucr_ads_processed for the current date when the user was renamed in AD
Log event in renamed users log
Set Rename_stat = "Y"
update_existing_user
If error occurred in this function
    True: adsiErr("rename_user")
adsiErr
Receive the name of the function where the error originated
Generate an error message containing all user info, where the error occurred, and the error type
Append the message to the log errorlog.txt
Append the message to the email body of the mail that will be sent at the end of the process
Set globalerror flag = 1