The employees table is primarily fed by the LDAP synchronization but you can actually manually add employees. This is all due to the fact that the database respective application did grow throughout time. It started of with a manual table that then was fed by a simple user-synchronization and finally a complete LDAP change reporting was implemented. Please keep that in mind when looking in to it.

Further can you engage a script that allows you to add employees to your Active Directory from the database. You then only wait for the next synchronization and the employee will show up in the list. You find an example script for this further down on this page.

In any case, employees are used for workstations, software, phone DIDs and within the rights matrix. All those relations including LDAP Groups and even previous workstations etc. can be viewed and directly accessed from here. Additionally you can see detailed LDAP values, as they where last seen by the database.

Manual employee entries are possible and might help to compensate for some special purposes, while you in general and most cases should just rely on the LDAP synchronization process and the table being fed by LDAP / Active Directory.

Additionally it allows you to actually see if the entry comes from LDAP or if it was manually created using the synchronized / Sync column. If it was synchronized, you further have a LDAP last seen column that indicates if the user was actually deleted in your Active Directory.

Even further is there a column # Wkst. that will show you how many workstations are assigned to the employee.

All of this information is useful to filter e.g. for all deleted users that have one or more workstation assigned, to accomplish this do the following:

  • LDAP last seen = >=7/18/2018
  • # Wkst. = >0

Setting those two filters would show you all deleted user accounts that still have workstations assigned in you database. You could implement similar counter columns for software, phones and the rights matrix by just changing the qryEmployees in SQL and adding the columns in Sys Columns in just a few minor steps.

Data field and reference overview

Most of the fields here aren’t editable because they are synchronized from Active Directory.

  • Employee Nr. (editable) and Employee Number (synchronized)
  • Full Name (editable)
  • Department (editable)
  • Status Notes (editable)
  • Software references (editable)
  • Checklists, Notes and Tags (editable)
  • References to the owner matrix, previous workstations and phones and what current workstations are assigned to this user
  • LDAP Attributes (synchronized)
    • Title, FirstName, MddleName, LastName
    • Username, SID
    • EMail
    • User Account Control
    • description, info
    • displayname, userPrincipalName, distinguishedName
    • department, departmentnumber
    • company, physicalDelivery, streetAddress, PostOffice, City, Street, postalCode, State, Country
    • manager
    • pager, facsimileTelphone, IPPhone, HomePhone, Mobile, Phone
    • PrimaryGroupID, LDAP Group membership
    • ProfilePaht, ScriptPath
    • HomeDrive, HomeDirectory
    • WhenCreated
    • proxyAddresses – aka. SMTP addresses
    • Disabled and userAccountControl (decimal)
    • RemovedDate – this will be set when the system detects the account was removed

Example Script for adding new employees

This PowerShell script can be executed directly from the employees view in the database. You need to define it in the SysConfig – only if defined the button will appear at all. This script is already rather complex and walks you through various options in order to create a new account. It sure depends on your configuration and needs – it remains an example and might need adjustments to your specific needs, besides the mandatory OU and Domain values that need to be configured right.