/build/static/layout/Breadcrumb_cap_w.png

Best Practices Question


College Student LDAP user import and label for old Students

05/08/2017 933 views
Hello,

I work for a college and I'm looking for the best way to have our helpdesk make tickets for students calling to reset their password.

We have an OU with all students in it, and sub OU's called "active" and "inactive".  Our students will never log on to KACE, but our helpdesk wants the student accounts in the system so they can track what student called to reset a password and make a ticket in the students name.  I know that I could just not import students and have the student send an email to make an account but the helpdesk doesn't want that.  They want it in the system ready to go when the student calls.

I've created LDAP queries for KACE user account creation that checks the active OU for students and makes an account for them.  There are a lot of students in there (over 30,000) so this runs on the weekend.

Over time, active students will migrate from the "active" OU to the "inactive" OU.  When this happens, if they have no tickets in their name they can be deleted from KACE.  We need to have some way to delete these old student accounts or KACE will slow to a crawl.

I was thinking I could just make a LDAP label called "active students" and another called "inactive students" based off the OU.  I could then go through and delete the inactive students we don't need once in a while.  The problem is KACE doesn't apply a user label label unless that student logs on, which they never will.

Is there a better way to accomplish what I'm trying to do?  We are running an older version of the K1000 (6.4.120822).  I know 7.1 is out.  Are there features in a later release that will help with this?  I've looked through the documentation and don't see anything.
0 Comments   [ + ] Show comments

Comments


All Answers

0
This article offers some Custom Ticket Rules to keep user labels more up-to-date than default: https://support.quest.com/kace-systems-management-appliance/kb/131519

I was able to get a simpler CTR working for my purposes, which checks labels right after our weekly scheduled user import.
Answered 05/19/2017 by: JasonEgg
Red Belt

0
I also work at a college and we have similar concerns, although our population is much smaller. The best solution that I have found is to perform a search for the inactive users and delete them manually. Our AD includes a description for the students and when they become alumni that description changes to ALUM-YYYY, where YYYY is the graduation year. Based on that I can perform an advanced search of the users for the correct description and manually delete. The only drawback is that the user list doesn't show me if they have tickets before deleting the users.

Answered 05/09/2017 by: chucksteel
Red Belt

  • After some more research I was told the K1000 now applies a user label at user login and at the scheduled LDAP query, but I still don't think this will work for us to make a User Label as the OU they are moving to when inactive is outside of the OU I'm doing my LDAP query from. I'll have to try it and see if it works.

    For now I'm going to try and talk our helpdesk out of having the students in KACE via an LDAP query at all. Students can just send an email or log onto the KACE website the first time they need to make a ticket. I wish there was a better way.