Re: [ActiveDir] Active Directory Question
No, Its not possible, there is no policy else you can create a group and provide the rights and permissions or you can use local secrurity to deny registry access for those users whom you dont want to give the access of running setup Regards Mahaveer saraswat (Sr.Systems Engineer) http://net4domains.com - Original Message - From: Simon Taplin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 10, 2004 10:46 PM Subject: Active Directory Question Is is possible to setup a policy on Win2000 Active Directory whereby you can use wildcards to deny users access to running certain programs, for example blocking userss running setup*.* Thanks Simon --- This email is hopefully virus free as it has been Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.558 / Virus Database: 350 - Release Date: 2004/01/02 -- - -- - List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Question
Hi Joanna, At Cisco we've developed a whole suite of web-based AD tools to include an Account Mgmt (users, groups, compters) tool. It was all done using Perl and CGI with Apache as the web server. ADSI makes it pretty straightforward, or if you want to develop on a UNIX platform, you can do nearly as much with the Net::LDAP perl module. Robbie Allen Cisco Systems Enterprise Management Coauthor of Managing Enterprise Active Directory Services -Original Message- From: Joanna Days [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 2:09 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Question Do you have the name of the Cisco person that spoke or a point of contact from that conference that I can check up with? Gil Kirkpatrick wrote: Joanna, Don't know if there's a commercial product for this, but at the Directory Exerpts Conference this past April, the AD architect from Cisco spoke on some software they had developed in-house, which appeared to be just what you describe. It was apparently a pretty straightforward development project with IIS, ASP, and Perl scripts. -g Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -Original Message- From: Joanna Days [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 9:56 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Question I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo ~~ ~~ It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo~~ ~~ It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org
RE: [ActiveDir] Active Directory Question
Yes, AD U C. But why would you want people creating accounts at their own will ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joanna Days Sent: Friday, July 12, 2002 12:56 To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Question I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo~~ ~~ It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Question
Joanna, Don't know if there's a commercial product for this, but at the Directory Exerpts Conference this past April, the AD architect from Cisco spoke on some software they had developed in-house, which appeared to be just what you describe. It was apparently a pretty straightforward development project with IIS, ASP, and Perl scripts. -g Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -Original Message- From: Joanna Days [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 9:56 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Question I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo~~ ~~ It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Active Directory Question
Do you have the name of the Cisco person that spoke or a point of contact from that conference that I can check up with? Gil Kirkpatrick wrote: Joanna, Don't know if there's a commercial product for this, but at the Directory Exerpts Conference this past April, the AD architect from Cisco spoke on some software they had developed in-house, which appeared to be just what you describe. It was apparently a pretty straightforward development project with IIS, ASP, and Perl scripts. -g Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -Original Message- From: Joanna Days [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 9:56 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Question I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo~~ ~~ It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Active Directory Question
Personally the idea of users adding their own accounts seems real dangerous. I can't help you with the password issue but as far as adding new accounts and then removing them when the user leaves - maybe. We have a process going in place soon that, when a user is added to a central oracle database (sitting on a Unix system) as a computer user contacts the Windows 2000 domain and adds that user to a OU that goes along with his/her affiliation. It creates the account disabled so that someone with the proper access has to enable the account. It would be simple enough to create it enabled but that was deemed a security concern here. When the account expires the database sends the w2k domain information that sets the expiration date properly. It would be simple to have the account deleted but we don't delete accounts here as users tend to come back. This is all done with shell and perl scripts on the Unix side using Cyrus SASL for authentication via Kerberos and some of the OpenLDAP client tools for searching and adding/modifying users. hth, al Joanna Days wrote: I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Al Lilianstrom CD/OSS/CSI [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Question :: ADC Question
The intranet I created, for our company does pretty much just that. Users fill in an on-line application, the information creates a disabled Win2K account and exchange 5.5 mailbox (Todd, This may answer your question: ADC actually creates the mailbox, you just have to provide the msExchHomeServerName, proxyAddresses, X400 and mail). The account then then be activeated by a PowerUser (someone who reviews the account information from their locale or facility). Users can login and modify contact information and change their passwords. Powerusers can modify all account information for all users at their facitly. Administrator can modify everyone. Deleted accounts are disabled and moved to a 30-day holding OU. Descriptions are changed to DELTED: XX/XX/ Administrators can purge accounts older than 30-days. Everything is done through ADSI and ASP. Though to simplify some coding, I created an ActiveX control. So to create a User... objuser.Create(Domain, Username, DisplayName, Password) objuser.AccountDisabled = False ... There is also a query method... set objRs = objuser.query [AD Query] Which would allow you to do a comparison, or other ADO query. Everything I have mentioned above can be done using ASP and ADSI. If you are interested in the ActiveX control however, just send me an e-mail. I would send it to you, but since they paid for the development, I will have to check for permission to release it or whatever they deem appropriate. There are some resources available here... http://www.microsoft.com/technet/scriptcenter/user/default.asp And There is also another free product you may wish to look at from Microsoft, which may be talored to this same application... http://www.microsoft.com/serviceproviders/downloads/webadmin_overview.asp Hope this helps. Brendan Stephens [EMAIL PROTECTED] -Original Message- From: Joanna Days To: [EMAIL PROTECTED] Sent: 12/07/2002 12:56 PM Subject: [ActiveDir] Active Directory Question I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo~~ ~~ It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Question
Gil and Joanna, I've created, as a demo for an MS class that I taught over a year ago, an ASP page that used ADSI calls to do much of this. Not too tough. I'll see if I can dig it up, if you would forward me your e-mail [EMAIL PROTECTED] Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick Sent: Friday, July 12, 2002 12:41 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Question Joanna, Don't know if there's a commercial product for this, but at the Directory Exerpts Conference this past April, the AD architect from Cisco spoke on some software they had developed in-house, which appeared to be just what you describe. It was apparently a pretty straightforward development project with IIS, ASP, and Perl scripts. -g Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -Original Message- From: Joanna Days [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 9:56 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Question I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo ~~ ~~ It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Question
Title: RE: [ActiveDir] Active Directory Question NetIQ's Directory and Resource Administrator can help with some of what you are looking for. The key thing with DRA is that it is a three tier product\application and the middle tier supports extensive scripting, automation and policy checking. So you could setup a simple ASP page where students could create their own account by taking advantage of some of the abilities of DRA. The ASP page would only need to ask basic info and then send that info to DRA, using ADSI. DRA could then check the provided info against a database or something to confirm the student ID is valid (or something like this). If their ID is valid it would then continue and create a student lab account. The great thing is that DRA audits everything being done and can have pre or post triggers\scripts run before or after any operation is run. So you could have a pre-trigger query a database for the student info, like address, and populate the AD with it when the account is created. In the Eval Guide that comes with DRA they have an example, which I used a bunch of code from to automate some things in our environment, that queries an Access database file for user info and feeds it into the AD when an account is created. The only thing you need to create the account is an employee ID number (Very close to what you are looking for). As for web based self-password reset there are a few different applications out there that do this but I haven't used any of them. To handle account maintenance I would suggest using a LDAP script to query the AD and make the needed changes. DRA also has an ADSI provider that you can use to manage object and it has a Recycle Bin so if you delete an account it can be recovered, until it is permanently deleted. We have used this to give our HD the ability to delete accounts and then have a script that looks at all the accounts in the RB and permanently deletes them after 90 days. To top it off DRA has a Web Console so you can give your HD or other people the ability to do simple administration tasks with a very simple interface. DRA also allows you have management view, which are called ActiveViews in DRA, that allow you to group objects based on wild cards, group membership, OU membership, and other things so you don't have to change your AD model for delegation purposes. Last but not least NetIQ does have a NetWare to AD migration tool, I haven't used it but I know they have one. If you need further info e-mail be directly, don't want to turn the mailing list into too much of a plug :) -Original Message- From: Joanna Days [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 11:56 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Question I am currently doing Windows 2000 Active Directory research in preparation for our upcoming migration from Novell to Active Directory. I have a couple of questions and wanted to know if anyone has dealt with them I work in an education institution so my questions may be specific to EDU but also to other companies. - Does anyone currently have a method where students/staff/faculty can create their own AD account? - Does anyone currently have a method (preferable web based) where users can reset their own password? - Does anyone currently have a method to check to see if the account is current and if not to automatically delete the account? - Are you using an off the shelf product or are you using an in house program (or a combination of the two)? Below is a list of things that we are trying to accomplish: We are trying to find a solution that will allow our students to create their own Active Directory account to allow them to log on to the machines in the computer lab. They need to also be able to reset their own passwords. Accounts need to exist only for the currently enrolled students. That would mean that on a nightly basis a program would need to go out and compare the list of AD users in the computer lab OU with our in-house database and delete any accounts that exist in AD from users that are no longer enrolled. This will most likely a batch program that will go out and query the database and respond with LDAP information. Our currently enrolled students at this time can obtain an account on our UNIX server. We are looking to either have a process that would either check to see if they have an account on the UNIX server or to go out and do a direct connection to our registration database. Is anyone out there doing something similar or have any idea on how we would need to transfer the data to AD? I would greatly appreciate any assistance or guidance that anyone could provide. Thanks. -- Joanna ;-) \\|// (o o) ~oOOo~(_)~oOOo It doesn't matter what others think Joanna C. Days as long as you know the truth. Network Support Engineer Information Technology -JCD- [EMAIL PROTECTED] List info : http