IT Trends | Project Profile

Dallas ISD Uses Apps To Control Active Directory Usage

Dallas Independent School District (ISD) is home to 220 schools serving nearly 160,000 students and employing nearly 20,000 teachers and staff. Managing network accounts for so many people is a daunting task.

Challenge
A few years ago the district switched its network from Novell to Windows because the IT administrators wanted better integration with the district's Windows systems.

The switchover involved the adoption of Microsoft Active Directory to authorize users and computers on the network. The district's IT administrators could use Active Directory to create and manage user accounts, but they didn't want to be burdened with everyday tasks like adding user accounts every time a new student or staff member joined the district, or resetting user passwords. And while each school has a designated campus technologist who can handle those types of tasks, the IT administrators didn't want the technologists to have full access to Active Directory.

Solution
The IT team had been using a tool called DSRAZOR for Novell from Visual Click Software for many years. It let them create specialized apps to provide specific functionality to designated users (such as adding user accounts or changing passwords) without granting them full access to all network authorization functionality. They were very happy with the product, and although they practiced due diligence by looking at alternatives, they felt strongly that they would stick with DSRAZOR for the Windows network. When they piloted the Windows network at a few sites, they tested DSRAZOR for Windows, just to confirm it was the right choice. It was, and once they went all-in with the network switchover, they converted their DSRAZOR license from Novell to Windows.

"We did look around at other tools, just to see if there was something better," said Kevin Collier, principal network services technician for the district, "but we were so happy with the Novell product and we just kept coming back to DSRAZOR for Windows."

Implementation
DSRAZOR for Windows integrates with Microsoft Active Directory and includes hundreds of built-in apps for creating, managing, deleting and reporting on users, computers and groups, as well as for reporting on files and folder permissions. The apps can be used as-is or modified as needed. Administrators can also create custom apps, but most of the time Collier finds an app that most closely meets his needs and then asks Visual Click's technical support team to customize it for him.

"If we don't have the time or can't figure out how to make an app work, I just send their tech support an e-mail and usually within 24 hours I have a working app," he said. Once the administrators have the app they want, they copy the app's executable file and one or two accompanying DLLs into a shared folder on the network, where the campus technologists can access it and copy it to their laptops. "They just run it, and as long as they have the rights to do what they need to do, they can use the tool," said Collier.

The administrators gave campus technologists the ability to create user accounts and change passwords. While the district does have a password portal for user self-service, sometimes the campus techs still need the ability to change passwords themselves. Collier has implemented other apps for different departments, too, including ones for managing groups. And he uses DSRAZOR's Zero Privilege Help Desk tool to let some staff delete workstations from the directory.

Even though Collier has full access to Active Directory's functionality and user accounts, he uses some of the DSRAZOR apps himself to simplify tasks such as reporting on how many users are members of a group. "I'll get requests from managers of some of the shares and they'll want to know who has access to their share, so I can quickly go in and look at any group and pull that data and send it to them," he said.

Collier likes the tool's ease of use. "When you get into the console, you can right-click an app to bring it up in the designer tool and make any changes, or you can double-click on it, to launch the app, so you can see what it does," he said.

Results
According to Collier, DSRAZOR has taken a lot of pressure off his team so they can concentrate on other projects.

"It lets us pass issues — like deleting workstations or changing passwords — off to other users," he said. "The only time we get a request is if they couldn't change something or something didn't work in the tool. It empowers our users to handle some of this stuff faster because they don't have to wait for us to reply to an e-mail or respond to a ticket. They can just take care of it immediately."

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at [email protected].
