Solved

Generate temporary AD users

Posted on 2014-03-06
8
31 Views
Last Modified: 2015-06-24
Hello!

I was challenged by a customer to come up with a solution for them to generate temporary AD users that lasts for X amount of hours/days. With interactive input for this of course.

The scenario is that they have a software that they want to allow temporary access to for customers and consultants.

Is this possible via something like Powershell? Or do anyone know of a software that can do this? Without being a fully "bloated" system. This is the only function they need.

Appreciate any suggestions :-) Maybe I've missed something vital in my explanation, I'll check in later.

Cheers

Regards
Daniel
0
Comment
Question by:itssab
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 500 total points
ID: 39909614
When you create a user in Active Directory Users and Computers, you can specify an expiration time for the account. Would this work?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39909716
You can also set it using Set-ADAccountExpiration but Joe's answer is probably easier for help desk folks via the GUI.

What do you mean by interactive input, are  you looking for a custom front end for this?

Thanks
Mike
0
 
LVL 6

Expert Comment

by:Alan Gunn
ID: 39909949
I had a request at 14:00 to have an account "Expire" at 18:00.
I set it to expire at the end of the day and adjusted it's logon hours to nothing after 18:00.

It only stops you authenticating after that time but it gives a little extra control.

Cheers!

TRM
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39911200
You may below script it may reduce your most of the time
http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Create-Active-7e6a3978

You will just have to fill the details in excel file so its interactive ..:-)
0
 

Author Comment

by:itssab
ID: 39911738
Lots of replies I see, thank you :)

I'm know of how to do it through the GUI, but they want something more intuitive and automated than that.

Yes, some kind of customer front end is what I'm after. You know, the old "I want to be able to press a button!" customer argument ;) Type in expire time, maybe what group it should be belong to etc, then click a button and username and password is generated.

They need these users to be removed by automation after they've expired as well.

They want an interface they can reach from anywhere in the world. But that would have to be remote desktop if nothing else is available.
0
 

Author Comment

by:itssab
ID: 39923493
No more suggestions?
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40848145
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question