Download Trial Version of UMRA > http://www.tools4ever.com/download/Download Trial Version of SSRPM > http://www.tools4ever.com/download/
UMRA – SSRPM User Auto Enrollment
If you haven’t already read about all the very handy things you can do with SSRPM via a custom UMRA Web Portal, then check out my blog post here: http://umratips.blogspot.com/. Ok, so I was recently tasked with helping one of clients Auto Enroll all of their users in Active Directory into Self Service Reset Password Manager (SSRPM for Shot). SSRPM unfortunately does not have this feature in any current release, however maybe in later version it might. SO for now, I had to find out a way to loop through all the users in Active Directory, and use details in the user accounts, and enter these into the users SSRPM questions for their answers. There is no real easy task for this procedure, and you want to make sure that if you take this approach you are very careful with how you do this, since it can corrupt your complete SSRPM environment, and you will be forced completely wipe, and reinstall SSRPM. So I will go over at a high level some of the things to watch for, and tips that I found when doing this Auto Enrollment.UMRA – SSRPM User Auto Enrollment How To
As I’ve stated in the previous topic, please be take precautions when doing this type of Auto Enrollment. Now there are a few things to take into consideration before we get started, for the quickest and most reliable way to have users Auto Enrolled into SSRPM, I use UMRA to do this. Since UMRA has the ability to schedule scripts to run on a specific schedule, this is the perfect tool to check for any new users added to Active Directory. Also, keep in mind, this SSRPM Auto Enrollment, won’t be a 1 time check, this will be a continual check of users in Active Directory Against users who should be enrolled, if a user is brand new in active directory but not in SSRPM then we enroll them. So below are some of very high level steps that you can take to get a process like this working.Step 1: Set up your SSRPM to use mandatory questions, and set up your profile(s)
Step 2: Make sure the accounts in Active Directory have the related data in attributes in their account.
Step 3: Create a New UMRA Automation Project, this project will get a table of all users, except users who are part of “Domain Admins”, or you can do a check on the user’s group memberships, and skip over users who have this group. Or, filter your table to fit your SSRPM Profile(s) needs.
Step 4: In your UMRA Automation Project you just created, lop through that table with a “For Each” action, with in your other UMRA Automation Project make sure you check for any blank values of the required SSRPM questions. If any of the required questions are blank, have no value, or anything else that is considered no valid, either email a user group, yourself, or even write these users out to a text file using the “Export Variables” action.
Step 5: Now that you have your script setup, now put your UMRA Automation Project on a scheduler. This can be setup for hourly, daily, monthly etc. In my scenario, I had this run every hour to check Active Directory for new users.
I hope this helps out some of you who are trying to Auto Enroll Users Into SSRPM. If you have any questions, or comments please email me or leave a comment.
