New Starter/Leaver Process – Part 1

Synchronising with Active Directory is NOT the best approach

This is a deliberately argumentative statement that, throughout this series of posts, I want to explore and explain my reasoning behind. The other aim of this series is to provide a real-world example of a new starter/leaver process that can be implemented in Service Desk Express.

For many years architects have been pushing for Active Directory synchronisation from every enterprise application vendor with, in most cases, very good reasons. AD synchonisation provides the business with a single directory source that can be used for everything from authentication/authorisation services to location and reporting structure data depending on how well it is populated. No one, not even argumentative me, would argue that a single directory source is a bad thing, nor that single sign on wouldn’t be welcomed by every enterprise user. My argument is NOT with AD. My objection to AD/Service Desk synchronisation is from a business process perspective – namely I believe that the source of HR data (which is what is being synchronised here) is better suited to the HR/Payroll system within an enterprise rather than AD. I can’t imagine that there are many organisations who add their new employees to AD before they are added to payroll and, in my opinion, the system admins should be tasked properly with creating an AD/Exchange account such that OLA/SLAs can be managed and customer satisfaction monitored.  So what, in my humble opinion, is the correct solution:

Data Flow Solution

Data Flow Diagram

As you can see from the diagram above, my solution would be to put the Service Desk in the centre acting as the hub through which human business processes are transacted. The initial employee record is created in the HR/Payroll system which then creates a client/customer record in Service Desk Express (using the Integration Engine). This in turn kicks off the New Starter business process that includes, amongst other tasks, an action to create an AD/Exchange account for the new employee. By updating the WinUserID field in the Client record with the user’s AD domainusername, the link between AD and Service Desk Express is then made and Self-Service Single Sign On can be provided. When employee records are updated (either through a request through the Service Desk or directly with the HR/Payroll system) the employee details are updated in Service Desk Express and then in AD.

New Starter Business Process

I am not going to discuss the initial synchronisation with the HR/Payroll system as this was discussed in a previous post (Using the Integration Engine to Manage Clients) and there is an appropriate Integration Engine package that can be downloaded and tweaked for your requirements. The key point to mention is that of “datakeys:”

Data Keys Diagram

As you can see Service Desk Express holds the datakey for both the HR/Payroll system (EmployeeID –> CLIENT) and AD (sAMAccountName –> WINUSERID). This is crucial to the solution.

New Starter

In my example business process above, the employee is going to be provided with the following:

  • Workstation (either static or mobile) with a standard operating system/applications build.
  • Active Directory and Exchange account for the domain.
  • Induction.

The important point to note about my example process is that activities happen both in parallel and sequentially and I want to demonstrate how this can be accommodated within business rules in Service Desk Express.

In the next post I will walk through the creation of the New Starter Process in Service Desk Express based on the output of the Using the Integration Engine to Manage Clients post I mentioned earlier.

Change Management Business Process

They always say,

“…a picture paints a thousand words…”

and, whilst generally not considered works of art, I find swim lane diagrams or cross-functional flowcharts (as they are called in Microsoft Visio) are a really superb way of explaining who does what when.

So, in the spirit of the above, whilst bored this evening (sat in a hotel room on my M2576 Implementing and Administering Microsoft Internet Information Services (IIS) 6.0 training course), I thought I would put together an example business process diagram for Change Management:

Change Management - Creation, categorisation and assessment

Change Management - Creation, categorisation and assessment

Change Management - Approval, release and closure

Change Management - Approval, release, and closure

I have saved it as both a Microsoft Visio 2003/2007 and Microsoft Visio 2002 diagram such that it might be useful to you as a starting point for your own Change Management process diagrams:

Microsoft Visio 2003/2007 Download
Microsoft Visio 2002 Download

As always, comments/feedback (positive or negative) is always welcome.