PURPOSE

This procedure outlines the steps required to provision new Active Directory user accounts for Landmark systems.


BACKGROUND

Landmark uses Microsoft Active Directory as a central database of user accounts for core systems. These accounts are the foundation for system access and authentication, network security, application access, email addressing, and other processes. It is critical that these accounts are provisioned using a standardized process to ensure appropriate access for users.


REQUIREMENTS

The technician must be a member of these security groups and access roles.
Note: The list below is not a list of roles...

  • On premise ECP
  • ExOL ECP
  • On prem AD
  • Microsoft 365 admin center


PROCEDURE

Using the on-premise Exchange Control Panel (ECP) to create the user account will facilitate the creation of the Active Directory object and both the on-premise and Exchange Online mailbox.


  1. Create the Active Directory (AD) account, on-premise Exchange record, and Exchange Online mailbox.
    • Log on to the on-premise Exchange server at https://mail.teamlandmark.com/ecp
    • Navigate to the mailboxes section of the recipients configuration section of the ECP.
    • Click on the large + icon and then choose Office 365 mailbox. You will be prompted to specify details for the mailbox.
      • First Name

      • Last Name

      • Organizational Unit

        The user account should be created in the appropriate Organizational Unit corresponding to the employee’s office location or functional group. All Landmark Employee user accounts should be created within an appropriate sub-OU of the 3. Landmark Users Organizational Unit.

      • Name (this will populate automatically)

      • User Logon Name

        Use the first initial of the first name followed by the full last name. Add the middle initial between them if required to enforce uniqueness. The username for Zed Landmark, for example, would be “zlandmark”. The username should consist of all lowercase characters.

        Change the domain to “@teamlandmark.com”.

      • Set the password to the standard new user password “Landmark1665”

    • Click the Save button.

  2. Modify attributes using Active Directory Users and Computers or other AD tools
    • Under General tab, set the following:
      • Office (if assigned)
      • Telephone number to assigned DID
      • Other… to four-digit extension

    • Under Telephones tab, set the following:
      • Mobile to the Landmark issued mobile phone number or the employee's personal mobile phone number (unless employee has requested this not be published). The phone number should always be published if Landmark is paying a mobile phone reimbursement.

      • Fax Number (if assigned)

      • IP Phone (four-digit extension)

    • Under Organization tab, update the following fields using information supplied by the Human Resources department.

      • Job Title

      • Department

      • Company - Reports and other tools query based on these values. This field should be set to one of the following four options exactly. 

        • Landmark Structures I, L.P. 

        • Landmark Fabrication, L.P.

        • Landmark Structures Co.

        • Landmark Municipal Services ULC

      • Manager

    • Update the Member Of tab, adding the user to appropriate on-premise Active Directory Security and Distribution Groups as defined in the Matrix or in Onboarding Notes.
      • Adjust groups based on the onboarding notes, which specify a user to use as a template. Template group memberships are also defined on the Matrix based on typical roles. Group memberships will be validated to ensure the user has the appropriate level of access.

      • Special permissions are required to modify security groups which allow access to confidential information. Notify an appropriate member of the Information Systems team if you are not able to add the user to requested groups.

    • Click the OK button.

  3. Assign an appropriate Office 365 license according to the “Standard Software and Hardware Matrix” or special instructions.
    NOTE: Replication to Office 365 may take up to 30 minutes.

  4. Add the user to appropriate Azure Active Directory Security and Distribution Groups as defined in the Matrix or in Onboarding Notes.
    • Adjust groups based on the onboarding notes, which specify a user to use as a template. Template group memberships are also defined on the Matrix based on typical roles. Group memberships will be validated to ensure the user has the appropriate level of access.
        
    • Special permissions are required to modify security groups which allow access to confidential information. Notify an appropriate member of the Information Systems team if you are not able to add the user to requested groups.
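
The logon-name rule in step 1 and the exact Company values in step 2 can be checked before an account is saved. The PowerShell below is an added example, not part of Landmark's procedure; the function names, the letters-only normalization of names, and the sample data are assumptions made for illustration.

```powershell
# Added example. Function names and sample data are hypothetical.
$AllowedCompanies = @(
    'Landmark Structures I, L.P.',
    'Landmark Fabrication, L.P.',
    'Landmark Structures Co.',
    'Landmark Municipal Services ULC'
)

function Get-ProposedLogonName {
    param(
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName,
        [string]$MiddleName = '',
        [string[]]$ExistingNames = @()
    )
    # Assumption: keep letters only, so names such as O'Brien give a clean logon name.
    $first = ($FirstName  -replace '[^A-Za-z]', '').ToLowerInvariant()
    $last  = ($LastName   -replace '[^A-Za-z]', '').ToLowerInvariant()
    $mid   = ($MiddleName -replace '[^A-Za-z]', '').ToLowerInvariant()
    if (-not $first -or -not $last) { throw 'First and last name must contain letters.' }

    # First initial + last name; -notcontains compares case-insensitively, as AD does.
    $candidate = $first.Substring(0, 1) + $last
    if ($ExistingNames -notcontains $candidate) { return $candidate }

    # Collision: insert the middle initial between the two parts.
    if ($mid) {
        $candidate = $first.Substring(0, 1) + $mid.Substring(0, 1) + $last
        if ($ExistingNames -notcontains $candidate) { return $candidate }
    }
    throw "No unique logon name for $FirstName $LastName; resolve manually."
}

function Test-CompanyValue {
    param([AllowEmptyString()][string]$Company)
    # Case-sensitive exact match: reports query on the literal string, so a
    # missing period or trailing space must fail.
    return $AllowedCompanies -ccontains $Company
}

# Constructed sample input, not real accounts.
$existing = @('zlandmark', 'jsmith')
$name = Get-ProposedLogonName -FirstName 'Zed' -LastName 'Landmark' -MiddleName 'Quinn' -ExistingNames $existing
[pscustomobject]@{
    LogonName = $name
    UPN       = '{0}@teamlandmark.com' -f $name
    CompanyOk = (Test-CompanyValue -Company 'Landmark Structures Co')   # period omitted on purpose
}
```

In practice the list of existing names would come from the directory rather than a literal array, for example from the SamAccountName property returned by Get-ADUser.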




REFERENCES AND RELATED DOCUMENTS