Let's create a user. Normally, when a user is created, there's a whole lot of things that need to be done. A lot of times, they're done incorrectly, or that can cause problems later.
For example, if we don't put in their office location, that might not immediately be a problem. But it might be a problem later on for the user when they go to do something and a distribution group or a security group they should be in, they're not in. With Active Roles, we get rid a lot of those problems.
When we go to create a user, you'll notice here that it went ahead and created the user name by taking the first and last name together. It also created the display name. These are done through policies that I built in Active Roles. And you can find some more information on that in other videos.
It will also create the login name for me. I don't even need to put that in. And here, it'll create it by me actually just clicking this button right here. And again, that's also done through policy. Everything here is automatic.
And by the way, I've exposed those, but I could just as easily customize this and not have those show up at all. I can generate a password. And again, I could have this happen on its own, but just so that I can show you, I'm exposing everything even though in reality, it's actually setting all of it in the background.
Here, I'm going to go ahead and create an exchange account for this user. You can see the alias is already calculated. What mailbox store is calculated-- again-- through policy. I can set the retention policies and all the other things with the account here, or I can just let Active Roles pick all of those for me.
Let's say this user actually is an Office 365 user. I can create their Azure account by clicking on here. I need to set the usage location. Which I could have set through policy in this case, I just chose not to.
Lastly, of course, the big one. If I created an Azure account for them, do they need an Office 365 license? And the answer usually is yes. So I can just click on here and say they need an Exchange Online license. And I go ahead and I can click Finish now.
And with that, the user is created. We can see right here it says operation successfully completed. And it should show up right here. There it is, right-- oh. Right there.
The next one we'd like to do is modify a user. So let's take a look at the test user that we created before. And what you can see is we're able to pull up all his information. Incidentally, I can customize this page very easily and change what data actually shows up here. In this particular case, I have it fairly generic.
But let's say I want to do something like changing his office location. Normally in Active Directory, this would show up as a free-form text field. I can type in anything I want. Whether it's spelled correctly or different, it doesn't really matter.
With Active Roles, I have a policy. The policy says, these are the only items or the only things that particular office location can be. That will help you later when you're trying to do things like dynamic groups and whatnot, where the actual way things are set out matters.
The next thing we want to do is change the phone number. You'll notice right here, there's a little i button. The i button tells us that that particular field has a policy against it. So if I try to put in a phone number, like, that's wrong or in the wrong format, or let's-- let's just do this the right way, sort of.
And I click Save. What you'll see here is it's not going to let me do it. It's going to tell me that there was something wrong.
And we can see invalid data on the page. And if we click down here, it will tell us exactly what the problem is. That way, I can put it in correctly.
And the reason that's important is let's say I have a click to dial system or something like that that requires the phone number to be in the correct format. And you'll notice here, it says the operation is now completed successfully. And that's because I put the information in correctly. I can have policies doing all sorts of things for user changes, creations, all of that to make sure that the data is nice and clean, and exactly the way that I want to going forward.
Another task that Active Directory administrators and help desk personnel have to deal with is terminations. People leave the company all the time. And we need to make sure that when they leave, everything is done correctly in Active Directory.
In this case, we have something that we call deprovision. And deprovision gives us the ability to go through an entire process that we built to terminate the user. All I have to do is click on Deprovision. And again, I just need to have the rights to do it.
And this, by the way, can be done through automation automatically through, say, an HR [INAUDIBLE], a CSV, or something like that as well. But in this case, we're just doing it manually. Now, this user has been deprovisioned. And you can see here that the operation was completed successfully.
I can actually see what's happened here. If I take a look at the workflow activities and policy actions, I could go through here for example, and I can actually see exactly what happened. When I deprovisioned the user account, I removed them from groups.
I did a deprovision on the local exchange mailbox. I removed their home directory. I moved the account to a different OU. And then I set the account for permanent deletion as well.
Let's take a quick look at the policy that we actually use to do this. If I go over here and I go to my deprovisioning policy, you can see here is all the different things. So here, for example, I've set the account to disable the account, scramble the password, scramble the login name, and rename it.
I've also told Exchange to go ahead and deprovision the account through several things. I even have the option if I wanted to of setting replies, auto replies if I want. And hiding the user from the [INAUDIBLE], things like that. And here, I've deleted, and said after about six months, I want you to go ahead and permanently remove the account as well.
Using the old adage, with great power comes great responsibility, we know that sometimes we terminate a user only to find out either five minutes later or the next day or sometime soon that either that user really didn't leave the company, or it was the incorrect employee that we were given by HR, or for whatever reason, we have to undo that. And as I'm sure you're aware, that's a whole process in order to make that happen. With Active Roles, we can just do everything in reverse. In fact, it's built in.
Here's the user we just deprovisioned. All I have to do is click here on Undo Deprovisioning. And it says, am I sure I want to do that?
It's going to ask me for their password. I'm going to go ahead and leave the password unchanged. But I could change it to something else, let's say, if they'd been gone a few months or something like that.
And just like that, the account is reprovisioned, if you will, back to exactly where they were before. All their group membership came back. All of their account options, everything is exactly the way it was before. And if you see, he doesn't say deprovisioned anymore either.
In addition to creating and deprovisioning users, there's a lot of day to day administrative tasks of users as well. So let's walk through a couple of them real quick. One of the common ones is resetting a password.
I can just click here. I can have it generate a new password for me. And once I do that, I can click Finish. And it's now reset that password for that user.
Let's say I want to do other tasks. If this account were locked out, for example, I would actually have another option here that says unlock account. Or let's say I want to add them to a group. I can click Member Of, it's going to show me what groups that they're in. I can add them to a group here.
I'll just add them to this junk group. Notice, by the way, we have something here called temporary access. I can add them to this group today, and have them go to whenever. Or I can have them add to the group tomorrow, and be removed from the group the next day if I want to.
But for today, we don't really care. We'll just leave it like that. And just like that, I've added them to the group. And now they're in that group. And you can see here it shows you which groups are actually in here, they're in.