rotherham primary care trust derek stowe it infrastructure manager
TRANSCRIPT
ESR/AD INTEGRATION&
QUEST ACTIVE ROLES SERVER
Rotherham Primary Care Trust
Derek StoweIT Infrastructure Manager
Introduction to the Trust
Rotherham Nr Sheffield Serves a population of approx 248,000 1850 full/part time staff Microsoft Windows 2003 AD/Exchange Microsoft XP/Vista Desktop Touchpaper ITBM Service Desk SMS (SCCM)/SCOM/WSUS/Forefront Virtual Server environment Clustered SAN technology
Specific IT Challenges
Security of the Domain Ensuring users have the correct access Ensuring users have timely access Ensuring accounts are up to date Time taken for account changes i.e. name
change Lack of information from HR Lack of information from department
managers
IT Challenge for which we deployed the solution
Account creation could take anything from 3 days to 2 weeks.
Accounts existed that were up to 2 years old for employees that had left or moved
Very confused and messy paper trail Time spent chasing information Massive data overhead (profiles and
home directories)
Considerations
ESR was being introduced across the NHS Integration into current Active Directory
and supplemental systems Active Directory access needed policy
control Easy to use interface for 1st line support Full automation of PCT employee
accounts including de-provisioning Cost and knowledge of company chosen Support knowledge and ease of self
support
The Solution
Quest ARS and Password Manager Other solutions considered from leading
companies Currently used and using Quest toolsets Quest had a current solution that could
be adapted to our needs Very good knowledge of NHS current
deployments and relationship with CfH Excellent sales/installation and after sales
service
The Result
Full integration of ESR data with AD Auto account provision/de-provision Auto assignment to groups Full reporting and auto creation of user’s
welcome letter Easy management user interface Full ROI expected within 9 months No staff input required apart from incidental
accounts i.e. temporary accounts so up to 20hrs per week saved across departments (est)
NO DOWNTIME
Lessons learned
Reliance on 3rd party to send correct data format on time
Introduce procedures for managers prior to installation
Ensure availability of staff for training Watch and learn Use a company you trust and has
knowledge of the NHS Allow for bespoke projects to run over
time
Summary/Conclusion
By deploying Quest Active Roles and Password Manager we achieved full automation of our account management on AD and passed the onerous task of password resets to the end user.
This means we have a fully secure and up to date AD which requires very little account maintenance.
Time and money saved all round with the added bonus of full security