ESR/AD INTEGRATION&

QUEST ACTIVE ROLES SERVER

Rotherham Primary Care Trust

Derek StoweIT Infrastructure Manager

Introduction to the Trust

Rotherham Nr Sheffield Serves a population of approx 248,000 1850 full/part time staff Microsoft Windows 2003 AD/Exchange Microsoft XP/Vista Desktop Touchpaper ITBM Service Desk SMS (SCCM)/SCOM/WSUS/Forefront Virtual Server environment Clustered SAN technology

Specific IT Challenges

Security of the Domain Ensuring users have the correct access Ensuring users have timely access Ensuring accounts are up to date Time taken for account changes i.e. name

change Lack of information from HR Lack of information from department

managers

IT Challenge for which we deployed the solution

Account creation could take anything from 3 days to 2 weeks.

Accounts existed that were up to 2 years old for employees that had left or moved

Very confused and messy paper trail Time spent chasing information Massive data overhead (profiles and

home directories)

Considerations

ESR was being introduced across the NHS Integration into current Active Directory

and supplemental systems Active Directory access needed policy

control Easy to use interface for 1st line support Full automation of PCT employee

accounts including de-provisioning Cost and knowledge of company chosen Support knowledge and ease of self

support

The Solution

Quest ARS and Password Manager Other solutions considered from leading

companies Currently used and using Quest toolsets Quest had a current solution that could

be adapted to our needs Very good knowledge of NHS current

deployments and relationship with CfH Excellent sales/installation and after sales

service

The Result

Full integration of ESR data with AD Auto account provision/de-provision Auto assignment to groups Full reporting and auto creation of user’s

welcome letter Easy management user interface Full ROI expected within 9 months No staff input required apart from incidental

accounts i.e. temporary accounts so up to 20hrs per week saved across departments (est)

NO DOWNTIME

Lessons learned

Reliance on 3rd party to send correct data format on time

Introduce procedures for managers prior to installation

Ensure availability of staff for training Watch and learn Use a company you trust and has

knowledge of the NHS Allow for bespoke projects to run over

time

Summary/Conclusion

By deploying Quest Active Roles and Password Manager we achieved full automation of our account management on AD and passed the onerous task of password resets to the end user.

This means we have a fully secure and up to date AD which requires very little account maintenance.

Time and money saved all round with the added bonus of full security