Data written to AD and orphaned AD users

Sep 1, 2010 at 8:13 PM

Hi Andrea,

1. Can you tell me what data, if any, is written by NetSqlAzMan to active directory or does NetSqlAzMan only read the user and group info to assign permission?

2. If "Joe Employee" is assigned permission (AD-Windows User) to do some operation in the NetSqlAzMan console, then later this person is no longer in AD (quits job, fired, laid off), does NetSqlAzMan clean up/synch its DB somehow, by removing the reference to the removed person in all the places he has access (in NetSqlAzMan db). Or is there a method you provide to remove "Joe Employee" from the entire NetSqlAzMan DB?

3. Does a "Report/Item Authorizations" report go to AD and verify the NetSqlAzMan DB and AD are in synch thus pointing out orphaned permissions?

TIA, Steve

 

Coordinator
Sep 3, 2010 at 7:51 AM

Hi,

From: sbitte33

Hi Andrea,

1. Can you tell me what data, if any, is written by NetSqlAzMan to active directory or does NetSqlAzMan only read the user and group info to assign permission?
[NetSqlAzMan read only !]

2. If "Joe Employee" is assigned permission (AD-Windows User) to do some operation in the NetSqlAzMan console, then later this person is no longer in AD (quits job, fired, laid off), does NetSqlAzMan clean up/synch its DB somehow, by removing the reference to the removed person in all the places he has access (in NetSqlAzMan db). Or is there a method you provide to remove "Joe Employee" from the entire NetSqlAzMan DB?
[No clean or sync. You will see deleted Windows User/Group with a question mark icon. Same as windows Unresolved SID under Windows Users and Groups console]

3. Does a "Report/Item Authorizations" report go to AD and verify the NetSqlAzMan DB and AD are in synch thus pointing out orphaned permissions?
[Same as 1. NetSqlAzMan NEVER write to AD. Just Read only !]

TIA, Steve

Regards,
Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com