Project Phoenix [alpha] - Account setup automation

[Jonathan Webster]

A few weeks ago a number of you shared how you go about provisioning new students into AD, G Suite and O365. So I figured you may be interested in helping us test and shape an idea we’ve been toying with to make setting up users a little easier.

Like many new ideas, this one is still very much a work in progress, so I’m looking for people who manage user provisioning to test an alpha product in a controlled way. It’s mainly so we can understand what value it currently provides, what’s missing or what needs improving, but also to understand if it’s just a crazy idea!

As part of this, I’m also looking for feedback on UX prototypes, which are a little more polished.

Head to https://labs.n4l.co.nz/phoenix/ to register, I'm super keen to see who’s interested, so we can start making arrangements to get your input!

What do you guys think?

--

Jonathan Webster

Solution Architect

The Network for Learning Ltd

M +64 22 040 3300  P 0800 LEARNING

A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052

A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz

[Simon Wright]

Signed Up.

This might save me time working on my own solution.

I have already written a Windows service which Sync's KAMAR to AD and manages the full life cycle of the student account.

I'm currently relying on GADS to sync with GSuite and Azure AD connect for O365, but always looking to the future to integrated all of it.

Regards
Simon Wright
ICT Manager

Best for boys through the right learning
2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz

Respect - Whakaute | Courage - Toa | Honour - Hōnore | Perseverance - Manawanui | Excellence - Hiranga

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.

[Jonathan Webster]

Having it all automated would be the long-term goal - but need to make sure we can do one thing well before trying to take on something which is pretty complex.

When you say full lifecycle - does that cover right through to account suspension and deletion? Interested to know how far you'd trust a tool to manage that for you?

[Simon Wright]

Yes, once a student has been marked as left in kamar, my service disables their AD account, removes all groups (except default domain user), moves them to a Leavers OU. It also applies a grace period of 70 days to their leave date and records that in an AD attribute. It sends an email to the user explaining their online accounts (Gmail, O365) will be suspended at the end of the grace period. It re-sends the email every 2 weeks until the grace period is up at which time the AD account is deleted, their profile folders are deleted and their home drive archived.

At this stage, GADS will suspend their account. I generally purge all leavers/suspended accounts from GSuite a couple of times a year.

I always get students coming back after their grace period is up saying they need access, even though they had plenty of advanced and continuous notice.

I made my service to suite my needs and i monitor its logs daily, so i trust it. Its been running for a couple of years now with minimal failure.

Regards
Simon Wright
ICT Manager

Best for boys through the right learning
2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz

Respect - Whakaute | Courage - Toa | Honour - Hōnore | Perseverance - Manawanui | Excellence - Hiranga

[Jonathan Webster]

That sounds well thought out and very reasonable to me! - I've heard of other schools keeping accounts open for a year and that still not being enough for some :)

Have you ever needed to tweak the grace period, or has 70 days just always been a time that's communicated and therefore works?  

[Simon Wright]

I actually plan on having two grace periods... Originally i had it set to 90 days, only because it was enough time for students who were leaving at the end of a year (i.e. year 13's) to still be able to access their email for NZQA results and transition to a uni and or personal email account. That put them into mid-March, so 70 puts it late Feb.

Through the year however, if a student leaves to change schools or whatever, 70/90 days can be too long, where 2-3 weeks should be enough.

Regards
Simon Wright
ICT Manager

Best for boys through the right learning
2 Arthur Street, Dunedin, 9016, New Zealand p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w: obhs.school.nz

Respect - Whakaute | Courage - Toa | Honour - Hōnore | Perseverance - Manawanui | Excellence - Hiranga

[Jonathan Webster]

Does anyone else do what Simon does and give students (or even staff) a set grace period before deleting accounts? 

And while I'm initially focusing on KAMAR to G Suite, which SMS would you want to see supported next? 

[Jeffrey B]

Hi, yes staff get a couple of months and students one month. Etap support would be nice to have.

Thanks.

Jeffrey.

Get Outlook for Android

From: Jonathan Webster

Sent: Wednesday, May 9, 12:35 PM

Subject: Re: [techies-for-schools] Project Phoenix [alpha] - Account setup automation

To: techies-f...@googlegroups.com

Does anyone else do what Simon does and give students (or even staff) a set grace period before deleting accounts? 

And while I'm initially focusing on KAMAR to G Suite, which SMS would you want to see supported next? 

On Tue, 8 May 2018 at 09:10, Simon Wright <simon....@obhs.school.nz> wrote:

I actually plan on having two grace periods... Originally i had it set to 90 days, only because it was enough time for students who were leaving at the end of a year (i.e. year 13's) to still be able to access their email for NZQA results and transition to a uni and or personal email account. That put them into mid-March, so 70 puts it late Feb.

Through the year however, if a student leaves to change schools or whatever, 70/90 days can be too long, where 2-3 weeks should be enough.

Regards

Simon Wright

ICT Manager

Best for boys through the right learning

2 Arthur Street, Dunedin, 9016, New Zealand

p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w:

obhs.school.nz

Respect - Whakaute | Courage - Toa | Honour - Hōnore | Perseverance - Manawanui | Excellence - Hiranga

On Tue, 8 May 2018 at 08:54, Jonathan Webster <jonathan...@n4l.co.nz> wrote:

That sounds well thought out and very reasonable to me! - I've heard of other schools keeping accounts open for a year and that still not being enough for some :)

Have you ever needed to tweak the grace period, or has 70 days just always been a time that's communicated and therefore works?  

On Mon, 7 May 2018 at 14:20, Simon Wright <simon....@obhs.school.nz> wrote:

Yes, once a student has been marked as left in kamar, my service disables their AD account, removes all groups (except default domain user), moves them to a Leavers OU. It also applies a grace period of 70 days to their leave date and records that in an AD attribute. It sends an email to the user explaining their online accounts (Gmail, O365) will be suspended at the end of the grace period. It re-sends the email every 2 weeks until the grace period is up at which time the AD account is deleted, their profile folders are deleted and their home drive archived.

At this stage, GADS will suspend their account. I generally purge all leavers/suspended accounts from GSuite a couple of times a year.

I always get students coming back after their grace period is up saying they need access, even though they had plenty of advanced and continuous notice.

I made my service to suite my needs and i monitor its logs daily, so i trust it. Its been running for a couple of years now with minimal failure.

Regards

Simon Wright

ICT Manager

Best for boys through the right learning

2 Arthur Street, Dunedin, 9016, New Zealand

p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w:

obhs.school.nz

Respect - Whakaute | Courage - Toa | Honour - Hōnore | Perseverance - Manawanui | Excellence - Hiranga

On Mon, 7 May 2018 at 14:02, Jonathan Webster <jonathan...@n4l.co.nz> wrote:

Having it all automated would be the long-term goal - but need to make sure we can do one thing well before trying to take on something which is pretty complex.

When you say full lifecycle - does that cover right through to account suspension and deletion? Interested to know how far you'd trust a tool to manage that for you?

On Mon, 7 May 2018 at 09:30, Simon Wright <simon....@obhs.school.nz> wrote:

Signed Up.

This might save me time working on my own solution.

I have already written a Windows service which Sync's KAMAR to AD and manages the full life cycle of the student account.

I'm currently relying on GADS to sync with GSuite and Azure AD connect for O365, but always looking to the future to integrated all of it.

Regards

Simon Wright

ICT Manager

Best for boys through the right learning

2 Arthur Street, Dunedin, 9016, New Zealand

p: 03 477 5527 | f: 03 477 5468 | c: 021 773 229 | w:

obhs.school.nz

Respect - Whakaute | Courage - Toa | Honour - Hōnore | Perseverance - Manawanui | Excellence - Hiranga

On Mon, 7 May 2018 at 09:11, Jonathan Webster <jonathan...@n4l.co.nz> wrote:

A few weeks ago a number of you shared how you go about provisioning new students into AD, G Suite and O365. So I figured you may be interested in helping us test and shape an idea we’ve been toying with to make setting up users a little easier.

Like many new ideas, this one is still very much a work in progress, so I’m looking for people who manage user provisioning to test an alpha product in a controlled way. It’s mainly so we can understand what value it currently provides, what’s missing or what needs improving, but also to understand if it’s just a crazy idea!

As part of this, I’m also looking for feedback on UX prototypes, which are a little more polished.

Head to https://labs.n4l.co.nz/phoenix/ to register, I'm super keen to see who’s interested, so we can start making arrangements to get your input!

What do you guys think?

--

Jonathan Webster

Solution Architect

The Network for Learning Ltd

M +64 22 040 3300  P 0800 LEARNING

A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052

A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz

[Alistair Baird]

Yes, we automatically remove the groups, the account is moved to left, but not disabled via our Kamar Directory Service, unless done manually. I normally 'get around to it' about June/July as students often use their email accounts for jobs and Duke of Ed. I normally first disable them for a month or two, then get around to deleting them.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Jonathan Webster

Solution Architect

The Network for Learning Ltd

M +64 22 040 3300  P 0800 LEARNING

A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052

A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Jonathan Webster

Solution Architect

The Network for Learning Ltd

M +64 22 040 3300  P 0800 LEARNING

A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052

A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Jonathan Webster

Solution Architect

The Network for Learning Ltd

M +64 22 040 3300  P 0800 LEARNING

A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052

A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Alistair Baird

IT Manager

St Peters College 

p 06 354 4198

m 021 482 937

e bai...@stpeterspn.school.nz

[Sue Way]

HI Jonathan,

We give a grace period for both students and staff.. 

Our AD accounts get disabled very soon after they leave but google accounts we leave longer. with in a week.

For students I leave differnet lengths depending on why they leave. 

If going to another school I leave 2 weeks after they have started the new school then only suspend the accounts

If students leave at the end of the year as a year 13 accounts  get left  till Feb before they are suspended. There are always students who have signed up to uni using their school email account.

Once students have left for 2 years I delete their Google accounts.