IT Administrative and Help desk costs can be decreased by allowing users to manage
their most common requests like - user activation (in Active Directory), user password
change and reset (in AD or any MOSS supported membership provider) and creation
of user accounts in AD (with option to provision Exchange mail boxes also).
Self service Web Parts contain the following modules. Either all the modules or
selected modules can be deployed based on the client’s requirements.
User Account Setup
Administrators or users with permission can do the following activities.
►
Creation of AD user accounts: This can
be either an automatic or manual process.
►
In the automatic process, business rules can be defined, like OU in which user account
must be created and how to handle name collisions. The Administrators will enter
the basic user information like their name, department they will be working and
their supervisor. Based on the rules defined the user account will be created in
the correct OU. The random password will be generated for this account and mailed
to the Administrator who has created the account. Distributed administration can
be implemented, so that the department selection option [OU listing] is restricted
only to OU the Administrators are allowed to manage.
Standard or extended AD attributes like Job Title, Home Phone, Work Phone, Address
etc can be collected and used for AD user provisioning.
Exchange mail boxes can also be created and assigned to this user account automatically.
The user must activate their account during their first login or using the user
account activation web Part.
►
In the manual process, Administrators will view and browse the AD tree to create
the user accounts. Distributed administration can be implemented in the manual process,
so that Admin can view, create and manage accounts only in certain OU.
►
SharePoint user creation: The user can be created
in SharePoint also, when a new user is created in AD. The users can be associated
with any Securable Objects like Site Collections, Sites, and Lists etc. Permission
levels and Group membership can be set for the users for any Sites.
Password Change Web Part
End users can change their AD password without the assistance of Help desk or Administrator
resources.
►
Company password policy can be implemented and customized during deployment.
►
Users can change the password only for their accounts.
►
Administrators can change the password for any accounts in the domain specified.
►
Success and error message during operation can be customized.
Password Reset Web Part
Users can reset their password based on a challenge-response mechanism, if their
account is locked or have forgotten their password. The solution contains a Web
part which can be included in any non secure pages, to which users can be redirected.
To reset the password, users must answer multiple challenge-response questions,
which will be configured by Administrators during Web Part deployment. The challenge
response questions can be based on AD attributes or from any external database system
(AD user account to be used as key if external database is to contain the security
questions).
Password Expiration Web Part
Part of the redirection Web part family, the Web part can be used to notify the
users when their password is about to expire or force them to change their password
by redirecting to Password change page. This Web part can be placed in the welcome
page and based on the rules defined in the Web part, various actions can be performed
like either sending a notification or displaying an information message about the
impending password expiry. After password expiry, users will be automatically directed
to password change page.