Active Directory

Kevin
Contributor II

My Active Directory administrator (and his boss) refuses to allow the rest of our IT shop to use AD for anything other than an authentication tool. They refuse to allow it to be used for a corporate directory or ANY purpose beyond authentication only, with little or no reason as to why.

Can anyone give me insight as to why they would not want to allow Active DIRECTORY to be used for a directory?

11 replies

donmontalvo
Esteemed Contributor III

I find a beer or coffee away from the office goes a long way when discussing infrastructure integration stuff. Most of the time the tower lead doesn't understand what you're trying to do, so they toss up a brick wall. Soft skills...

What were you looking to do? :)


--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

dupe

--
https://donmontalvo.com

itss
New Contributor III

It is possible your boss is looking to keep costs down by not having to invest in licensing for either users or computers. Microsoft is good about getting paid.

jarednichols
Honored Contributor

Dumb question...

Did you ask why?

tkimpton
Valued Contributor II

No one can read their minds and they can't read yours. Like Don said, a relaxed chat away from the office is best.

Kevin
Contributor II

We want to have one authoritative source for employee data. Something as simple as an employee directory with phone number, office location, job title, supervisor, etc… has to be extracted from multiple sources now (so consequently isn't happening). AD contains the user's LAN ID, email address and real name. That's about it.

When we ask for more, the reason given is "We don't believe AD is the place to do that."

Fair enough. "Why not?"

"Because we said so…" is about as close to an answer as I can get.

So I am looking outside my data center to see if they have legitimate reasons not to want to do it. If they do, great; I am not hell-bent that I am right. But I am hell-bent on finding out if they have a legitimate reason. If so, I am more than willing to push for our organization to use best practices.

If PeopleSoft is the place to put this information, fine. But most applications can't (out of the box) pull from PeopleSoft. I want AD to pull in data from PeopleSoft and the phone system so it is available to applications.

I have been completely open about what I want to do. They don't have to try to read my mind…

Sincere question: Is this asking too much?

rtrouton
Release Candidate Programs Tester

Kevin,

With regards to your "Is this asking too much?" question, that's going to be a political question. If the folks who would need to implement the change really don't want to implement the change, you need to either A) back off, B) find some policy or regulation that says that they need to make this data available, or C) go over their head and hopefully find someone who will both listen to you and can make them implement the change you want.

Note: There's also D) passive-aggressive whining, which is what some folks do in place of choosing A, B, or C, but that's not really helpful to anyone.

As for the technical part, you can update AD fields with information from PeopleSoft. See here for a 2010 MS forum thread discussing ways to bulk update AD with info from PeopleSoft:

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/2370c7cc-fee5-401f-b6e1-6bf9d1b5...
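An added example of the bulk update described above, not code from this thread or from the linked forum post: it pushes title, office, phone and manager from a PeopleSoft CSV export into AD, and assumes a constructed CSV layout (columns SamAccountName, Title, Phone, Office, ManagerSam) and a service account delegated write access to only those attributes on one OU rather than Domain Admin rights.

```powershell
# Added example, not code from this thread: push selected PeopleSoft fields into
# AD user attributes. Assumptions (not from the thread): a CSV export with columns
# SamAccountName, Title, Phone, Office, ManagerSam, and a service account that is
# delegated write access to only these four attributes on one OU.
Import-Module ActiveDirectory

$CsvPath  = 'C:\Feeds\peoplesoft-export.csv'   # placeholder path
$TargetOU = 'OU=Staff,DC=example,DC=com'       # placeholder OU
$DryRun   = $true   # leave $true until the -WhatIf output has been reviewed

function Find-StaffUser {
    param([string]$Sam)
    # A scriptblock filter with a variable avoids building a filter string by
    # concatenating feed data; -SearchBase confines the lookup to the one OU.
    Get-ADUser -Filter { SamAccountName -eq $Sam } -SearchBase $TargetOU
}

foreach ($row in Import-Csv -Path $CsvPath) {
    $user = Find-StaffUser -Sam $row.SamAccountName
    if (-not $user) {
        Write-Warning "No user '$($row.SamAccountName)' under $TargetOU; skipping"
        continue
    }

    # Only set fields the feed actually supplies, so an empty cell never wipes
    # an attribute; reject phone values that are not digits, +, space, dot or dash.
    $changes = @{}
    if ($row.Title)  { $changes.Title  = $row.Title }
    if ($row.Office) { $changes.Office = $row.Office }
    if ($row.Phone) {
        if ($row.Phone -match '^[+0-9][0-9 .-]{5,}$') { $changes.OfficePhone = $row.Phone }
        else { Write-Warning "Bad phone '$($row.Phone)' for $($user.SamAccountName); not set" }
    }
    if ($row.ManagerSam) {
        $mgr = Find-StaffUser -Sam $row.ManagerSam
        if ($mgr) { $changes.Manager = $mgr.DistinguishedName }
        else { Write-Warning "Manager '$($row.ManagerSam)' not found for $($user.SamAccountName)" }
    }

    if ($changes.Count -eq 0) { continue }
    # -WhatIf:$DryRun reports what would change without touching the directory.
    Set-ADUser -Identity $user @changes -WhatIf:$DryRun
    Write-Host "$($user.SamAccountName): $($changes.Keys -join ', ')"
}
```

Run it first with $DryRun left at $true and compare the -WhatIf output against the feed before letting it write; the warnings show which rows the feed and the directory disagree on.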

jarednichols
Honored Contributor

"Sincere question: Is this asking too much?"

No, I don't think so, but (at least in my experience) IT organizations generally fear change. Especially when that change is in the wheelhouse of someone who is nervous that you're getting into an area of expertise that they don't know enough about. You're not the one who is going to have to execute this transition and the person who is may not feel comfortable in their skill set.

chris_kemp
Contributor III

I'm admittedly not an expert on the subject (I'm just now learning some things about AD, having avoided it for years...) but - office politics aside - would it be possible to use an OpenLDAP overlay to connect with AD and extend the records with the additional user info, then have your applications look to OpenLDAP for their data?

jarednichols
Honored Contributor

Sure, you can do that, but it begs the question:

Do you really want another directory service? They don't maintain themselves...

Chris_Hafner
Valued Contributor II

Unfortunately, it looks like you're just going to have to find a social solution to this one. I second the suggestion for coffee/beer/lunch with someone who can make those decisions. Finding a technical workaround will only cause extra work/headaches and add another thing for 'Murphy' to play with in the future.