Z-Hire and Z-Term Review

Administrator are faced with less – less time, less resources, etc- – and the obvious solution is automation. This rule seems to apply whether you’re a consultant or work the day to day grind for a corporation; with automation freeing up your time is a way to get your high priority tasks completed.

That’s where the tools like Z-Hire and Z-Term come in handy. You can check out the tools here. Z-Hire is for on-boarding or new employees, while Z-Term is for off-boarding or for employee termination processes. What is nice is the cross functional appeal of the tools. You can make a process to create an AD account, Exchange Mailbox and Lync account all from one place. This helps re mediate an issue administrators have had with the split permissions model implemented by Microsoft when AD and Exchange were unlinked in management tools.


So what can these tools do for you?

Z-Hire
The purpose of Z-Hire is to allow the IT department to on-board a new employee. Using a template system ZHire is a cookie cutter process for creating employees in AD with Exchange, Lync, Office 365, and SalesForce standard settings.
ZHire01
There are two sections to the configuration of the templates – Environment and User.

Environment
ZHire02ZHire03ZHire04ZHire05ZHire06ZHire07ZHire08ZHire09
User
ZHire11ZHire10ZHire14ZHire15ZHire16ZHire18ZHire17ZHire19ZHire20
What’s useful here is that we can create some simple templates that include relevant information for AD, Exchange and Lync as well as providing some flexibility with Custom Scripts. These templates can make populating values for your users a quick process as well as providing a way to reduce human error when it comes to data entry in general.

Once a template has been completed, you need to save the template and then close and reopen the tool. The reason for this is that settings are stored in an XML file on the server and needs to be loaded by the applicaiton. The XML file looks something like this:
ZHire21
After all of your settings are entered for the template, make sure you click on File –> Save Configuration.

Tp enter information for the new hire on the right hand side like so:
ZHire22
Click Create Account. The tools activity is logged in a file in the directory local to the program:

2/27/2013 4:16 PM: JSmith: Info: Active Directory account created, GUID:
2/27/2013 4:16 PM: JSmith: Info: Modifying Active Directory account
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory sn to Smith
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory givenname to John
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory DisplayName to John Smith
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory telephonenumber to 312-555-1212
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory mobile to 312-555-1213
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory Office to Corporate
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory title to Marketing Grunt
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory userPrincipalName to jsmith
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory pwdLastSet to 0
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory streetAddress to 123 Chicago way
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory City to Chicago
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory state to IL
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory postalCode to 60606
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory account to Enabled
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory groups
2/27/2013 4:16 PM: JSmith: Info: Adding user to Active Directory group: Cert Publishers
2/27/2013 4:16 PM: JSmith: Info: Adding user to Active Directory group: Group-057
2/27/2013 4:16 PM: JSmith: Info: Adding user to Active Directory group: group-1032
2/27/2013 4:16 PM: JSmith: Info: Adding user to Active Directory group: group-1102
2/27/2013 4:16 PM: JSmith: Info: Adding user to Active Directory group: group-1170
2/27/2013 4:16 PM: JSmith: Info: Checking Active Directory Password Policy
2/27/2013 4:16 PM: JSmith: Info: Active Directory Password check results - Meet PWD length:yes Meet PWD complexity:yes
2/27/2013 4:16 PM: JSmith: Info: Setting Active Directory password
2/27/2013 4:16 PM: JSmith: Info: Commiting all Active Directory changes
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: Sleeping for 5 seconds to ensure AD object is replicated
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: Connecting to DS-2K10-EX02
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: Opening connection
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: Connection open.
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: Verifying Exchange can see the AD object
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: AD object found
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: Enabling mailbox
2/27/2013 4:16 PM: JSmith: Failed with pipeline error: Property expression "jsmith" isn't valid. Valid values are: Strings that includes '@', where '@' cannot be the last character Property Name: UserPrincipalName
2/27/2013 4:16 PM: JSmith: Info: Exchange 2010: Running Set-Mailbox
2/27/2013 4:16 PM: JSmith: Failed with pipeline error: The operation couldn't be performed because object 'jsmith' couldn't be found on 'DS-2K10-DC01.ds2k10.local'.

The logging provides a way to confirm your steps were completed as expected.

As noted in other reviews, some groups are not filtered in the tool when looking up which groups to add the user to.
Z-Term
Terminations/Cleanup. One of the more tedious parts maintaining an IT environment. Removing user access to systems like Exchange, Lync, etc.
Z-Term helps with this cleanup. With the template system employed by the tool automating and standardizing the termination of the user is made easier.
ZTerm01
Some examples of what can be done for cleanup:

  • Disabled the user account
  • Move user account to a special OU
  • Remove group membership
  • Reset AD Password
  • Change Distribution List ownership
  • Forward emails to another user
  • Export mailbox to PST
  • Etc.

I personally find features like the Distribution List ownership change, exporting the mailbox to a PST and forwarding emails to another user quite useful as I deal with a lot of customers using Exchange. These steps alone are a great time saver. There are also settings to wipe their mobile device (Active Sync only).

** NOTE **
The two applications can be easily moved to another server by simply copying all the files in the directory where you put Z-Hire.


In the end I find tools like this another strong step in the right direction. You may not be able to configure everything from just ZHire, but it can take some of the tedious burden of new user administration as well as user termination. This would be a good tool for Administrators who need a tool to configure users with Exchange, and or Lync features.
More Information
Download the tools here.
Download the documentation here and here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s