Active Directory Provisioning with PowerShell: Extensibility and Power without Costly Implementation (Part 2 of 4)

We are taking a look at Web Active Directory’s new PowerShell-enabled platform this week in a series of blog posts. We introduced the series by discussing how many software companies like to squeeze every red cent from their customers by using proprietary technologies that require costly implementation services.

This post introduces WebAD’s PeopleProvision tool to help delegate and automate the Active Directory and Exchange mailbox provisioning processes without requiring complicated implementations or extensive training. The next two posts in the series examine the keys to a quick PeopleProvision implementation and finally—perhaps most important of all—the benefits of exposing business logic in PowerShell for easy customization and extensibility without requiring extensive consulting services.

WebAD introduced PeopleProvision earlier this summer to make it simple and affordable to implement a custom provisioning tool for creating Active Directory accounts and Exchange mailboxes. There are a number of solutions of varying capabilities and price on the market today, but our customers kept telling us something was missing. After analyzing the current IdM provisioning playing field, we introduced our PeopleProvision solution with three main goals.

  1. Deliver a solution that doesn’t blow your budget out of the water.
  2. Enforce best practices in provisioning through application design while keeping the application itself very simple to use and administer.
  3. Allow powerful extensibility and customizations using well-known, proven technologies.

With these goals in mind, we spent a significant amount of time analyzing the key activities in most common provisioning processes. This analysis identified three main pieces of information that determine most AD attribute values for new accounts. PeopleProvision uses these three inputs to drive the values populated in Active Directory and Exchange when creating accounts and mailboxes.

  1. Office location: Address information as well as distribution and security group membership
  2. Department: Organization information as well as distribution and security group membership
  3. Job title: Very targeted distribution and security group membership

Once we had a feel for the provisioning activities, we began to develop a design approach that puts the users first—both end-users and system administrators—to make the application easy to use and intuitive to administer. This design approach allowed us to produce a simple and elegant user experience that emphasizes form and functionality.

[Figure: PeopleProvision v1.0 UX design, illustrating the simple design philosophy for PeopleProvision v1.0]

This simple 10-field form collects all the information necessary to create a new Active Directory user account and Exchange mailbox with the following features.

  • Full attribute population including address, telephones, organization, manager, email address and unique account name
  • Custom profile settings including profile directory path, login script and a mapped user home drive with the user share already created and NTFS permissions applied
  • Group memberships including security and distribution groups
  • Exchange mailbox creation on the correct database with proper limits applied

PeopleProvision can do all this work based on 10 fields or fewer because it understands the key pieces of information along with the rules needed to process that information. The customizable form gathers the key information using a simple interface that enforces data integrity while providing help documentation directly on the page. Check out our PeopleProvision videos to see how easy it is to create a new user and administer provisioning rules used to create AD accounts and Exchange mailboxes.

Tomorrow we’ll look at the simple implementation process that WebAD uses to get PeopleProvision up and running in your environment. And then the fun begins with an examination of how PowerShell really gets the PeopleProvision engine going in the final post of the series.