Completion Report
Project Summary
The project successfully delivered improvements to the AD and Exchange IDM provisioners.
The project was originally planned to deliver in August 2022 but faced repeated delays due to:
- Resource unavailability (industrial action, illness, need for recruitment)
- Delays to ordering and delivery of Office 365 licences
- Changes in scope
Changes to project scope
The following changes to the project scope were approved:
Objectives and Deliverables
| | Description of the Objective | Priority | Success Criteria | Achieved |
|---|---|---|---|---|
| Objective 1 | Understand and Document Code | | | |
| Deliverable D1.1 | Review provisioner code, understand what it does and document. | Must have | Documented code signed off | Y |
| Deliverable D1.2 | Propose where actions can be moved out of provisioner code and into PowerShell or global defaults | Should have | Proposal signed off | Y |
| Deliverable D1.3 | Propose where additional improvements to IDM/AD connector and the Exchange provisioner could be made via this project. | Should have | Proposal signed off | Y |
| Deliverable D1.4 | Implement changes proposed in D1.2 and/or D1.3 | Could have | Changes implemented | Y |
| Deliverable D1.5 | Reassign ongoing support of code from Applications to ITI | Could have | Handover completed | 1. Mailbox provisioning incorporated into AD provisioner and supported by ITI Enterprise. 2. Existing Provisioner continues to generate "Welcome" and "Closure" emails and is supported by IS Applications. |
| Objective 2 | Assignment of licences using business logic | | | Y |
| Deliverable D2.1 | Specify requirements for new user account licensing | Must have | Requirements signed off | Y |
| Deliverable D2.2 | Update code to assign O365 licence for new user accounts depending upon AD group | Must have | Updated code implemented | Y |
| Deliverable D2.3 | Migration process to ensure correct licences can be assigned to each user | Must have | Agreed licence changes implemented. | Y |
| Deliverable D2.4 | Standard solution for assigning A3 Faculty licences to users outwith eligible AD groups | Must have | Standard solution published. | Y (Now A5) |
| Objective 3 | Implement Forename surname ordering | | | |
| Deliverable D3.1 | Specify requirements for forename surname ordering | Must have | Requirements signed off | Y |
| Deliverable D3.2 | Update code to assign forename surname name ordering in the GAL. | Must have | Updated code implemented | Y |
| Deliverable D3.3 | Documentation updated to reflect AD fields. | Could have | Documentation published. | Y |
| Deliverable D3.4 | Migration process to update Forename Surname ordering, including current exceptions. | Must have | Migration process approved. | Y |
| Objective 4 | Improve security practices | | | |
| Deliverable D4.1 | Propose updates to the code to ensure best security practices are followed | Must have | Proposal signed off | Y |
| Deliverable D4.2 | Generate random passwords for new accounts in AD instead of using that supplied by the IDM | Must have | Updated code implemented | Y |
| Deliverable D4.3 | Additional security improvements as approved in deliverable 4.1 | Could have | Improvements implemented. | Y |
| Objective 5 | Communications and Consultation | | | |
| Deliverable D5.1 | Successful liaison with stakeholders. | Must have | Stakeholders consulted and comms plan approved. | Y |
| Deliverable D5.2 | EQIA completed | Must have | EqIA approved | Y |
| Deliverable 5.3 | Communications plan | Should have | Communications plan approved and delivered. | Y |
Requirements
| | Requirement | User/Owner | MoSCoW | Achieved |
|---|---|---|---|---|
| 1 | To ensure the code which underpins the provisioning of accounts in Active Directory and account provisioning on Office 365 can be supported going forwards. | Graeme Wood | M | Y |
| 2 | To update code allowing assignment of licences using business logic rather than hard coding | Graeme Wood | M | Y |
| 3 | To implement forename surname ordering in the GAL | Graeme Wood | M | Y |
| 4 | To ensure best security practices are followed | Graeme Wood | M | Y |
| 5 | To generate random passwords for new AD accounts | Graeme Wood | M | Y |
| 6 | To identify and implement additional in-scope software improvements | Graeme Wood | C | Y |
| 7 | Inclusion of pronouns or titles in provisioning processes | Graeme Wood | W | N |
| 8 | Updating of existing AD passwords | Graeme Wood | W | N |
Benefits
Benefits already enabled by the Project
1. Improved cross-team awareness of this vital code
2. Improved ability to meet business requirements for assigning Office 365 licences and facilities to separate groups of users
3. Improvements in the user experience because of changes to name format
4. Improved security of the provisioning process
5. Better targeted use of A5 Faculty licences
6. Significant (three-fold) improvements in mailbox creation times and (five-fold) reduction in mailbox creation backlog delay at exam results release.
7. Significantly reduced mailbox activation failures and associated reduction in Helpline, Service Management, Production Management and ITI fault resolution effort
8. Cross-team working relationships between ITI Enterprise, Service Management and Production Management were further improved.
Analysis of Resource Usage:
ITI Enterprise Staff Usage Estimate: 40 days
ITI Enterprise Staff Usage Actual: 75 days
ITI Enterprise Staff Usage Variance: 190%
Project Services Staff Usage Estimate: 20 days
Project Services Staff Usage Actual: 46 days
Project Services Resource Staff usage Variance: 230%
Explanation for variance:
- Significantly increased project timeline
- Significant changes to project scope
- Complexity of development and testing due to changes in project scope
Lessons Learned - Issues and Risks
- Neglecting to test in MyEd
- Not all testing possible in TEST - ACTION: we will create additional mail domains in TEST (I240430-2174)
- Disparity in staff numbers between IDM and People and Money
Outstanding issues
The following will be dealt with as BAU tasks
1. A1 basic licences were not received in time for the project to apply (and have not yet been received) and must be replaced as a BAU task before A1Plus licences are deprecated later in the year.
2. Not all eligible staff have been granted A5 licences as we do not have enough to grant. Service Management are working with HR to understand what a sufficient "bank" of A5 licences will be.
3. Decision on charging business for upgrading A1 to A5 licences
The following issues were resolved
4. Note post-deployment issues with email aliases - fixed
5. Note post-deployment issues with email to suspended accounts - fixed.
The following will be taken forward by the project team as a final task
6. If the project creates a report noting the status of queued, failed or faulty mailboxes, who will monitor and resolve these issues?
ACTION: Project will arrange a handover with Service Management Service Team. (COMPLETED 10/524)