You may also want to look at some of the ISP players such as Abridean and see what they can do for you.
>From a process perspective I would never consider SSN or any other public personal knowledge to be used for the identification process of a user due to security and privacy concerns. I would be more comfortable with a process that sends snail mail to a user and they use that to create the account else something that is generated on a web page that keeps their information anonymous. It's a sticky situation to figure out for sure. Al -----Original Message----- From: Shad Gunderson [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 3:29 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Self-service User Managment Mulnick, Al wrote: >That's not really self-service though is it? I would consider self >service something that allows a request (anonymous web connection since >they don't have an account?) to be automatically sent into a workflow >process and approved and created or denied and a response sent back. A >response sent regardless would be optimal but may not be practical if >the user has not account or email store. > > That is exactly the definition of self-service that I was operating under. >There are some things that have to be determined from the original post >such as who can make the request? What's the bare minimum access and >communications that the requestor must have? > >How does the requestor make the request? > > Well, the particulars haven't exactly been spelled out yet... While I agree with the former comments about data integrity with in the directory, there seems to be some desire to automate this process as much as possible. I was really testing the waters to see how pervasive such tools were in deployment and who the players in the space are - in a brief afternoon of googling, I've discovered that vendors such as Novell, Waveset, BindView provide some level of solution to the question posed.... along with the roll-your-own approach that was described. Also some identity managment products spill over in regards to functionallity. I certainly have some more requirements gathering to do. I personally can imagine various iterations of this: from a lowly manual process to an integrated work-flow of some complexity... but my assumption is that the individual will have some form of credential (Employee #, SS# (ew!) or some such) to validate his identity and this will pull the trigger to create system accounts on an AD DC. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
