Kaseya Community

Managing Active Directory

  • Hello,

    We've found that our remote support team spends more time dealing with basic tasks in AD than any other type of work. We'd like to save some time on these tasks. These tasks include creating users (including exchange mailbox), disabling/deleting users, changing group membership, etc. Currently our techs log into a server to do these things. Logging into a server with KRC takes extra time (especially since we use 2-factor authentication) and it would be nice to save 1-2 minutes per ticket by having a centralized area to manage all of our customers' domains.

    I know we could save a bit of time by using the command line interface from LiveConnect or by writing scripts to do some of these tasks, but these options are not as good as having a GUI available. Doing things from the CLI means the tech needs to know exact spelling of user and group names and would need to run several commands to find the names of these objects. It would be a bit easier if LiveConnect had a powershell CLI - pretty much every command we use gets prefaced with "powershell -command ..."

    I know there used to be a Kaseya Module called Directory Services which did a lot of these tasks, but it is no longer supported/available. I imagine there may be a 3rd party application that does this. I imagine either a desktop application or a web interface with a console/control center. It would allow the user to choose which customer/domain they are working on, then see a list of users/groups/OUs. I believe we could just use the AD Users and Computers mmc snap-in, but would need to connect to many domains across the internet - I haven't looked into this because I'm hoping there's a better solution.

    So how do you guys deal with this type of work? Do your techs do everything from LiveConnect on the server or do they log into the server using something like KRC? Any other ways of handling this kind of work? Thanks!

  • Actually most of the functionality of Directory services got rolled into the "Discovery" module now, though I do believe the "Domain Watch" functionality still requires additional licensing from the core Kaseya module.  You can do *some* basic administration of users from within this module.  

    However it does not have the capabilities of doing Exchange Mailboxes, etc...

    One thing that we did for Exchange Mailboxes, etc was that we'll run a scheduled task every so often on the Exchange server that uses powershell, looks at a specific user group for membership, and uses powershell to create a mailbox for any user in that group.  Then we create users we simply make certain that they are a member of the "ExchangeMailbox" group in AD, then the next time the scheduled task kicks off their mailbox will be created.  We do something similar for Lync 2013 accounts as well.

  • Thanks for the reply Jonathan. I am familiar with DomainWatch but did not realize there was still a "Directory Services" add-on for it.  I will look into it a bit more and see if it would be helpful. Even barring the Exchange functionality, it does not sound like it has all of the features we would want. I would really think there's a 3rd party tool for this but haven't been able to find it.

    I like your method for creating mailboxes based on group membership. Assuming you can create users and groups from Discovery, this would be very helpful. How often do you run that script on the exchange server?