Jump to content
MrRat

MSP Accounts Plugin - Free

Recommended Posts

This tool is awesome...here are my first impressions but it is looking good.

 

I deployed this to our server this morning and mysql crashed when I restarted the dbagent which unfortunately took Labtech down. Had to restart the mysql services - oops! I'm not sure why this caused mysql services to stop - I've not seen that happen before.

 

One suggestion would be to add this forums' URL to the readme notes and also the about field in the plugin itself so users know where they downloaded the plugin from and where to go for support (assuming this forum thread is the official location?)

 

It would be nice if we could customize the name format - we already use admin firstname last initial for our local domain admin accounts, so it would be nice to be able to change the login in this plugin to use our naming convention instead of adminfirstinitialfulllastname (although this difference made it easy for me to see if the plugin was working successfully.

 

Edit: I noticed that User accounts are created with the Pre Windows 2000 Domain name and the User Logon name is left blank, along with the upn suffix.. Could this be changed to set the UserLogon name instead of the pre Windows 2000 version?

 

Also the ability to change the OU that the accounts get created in - again we already have a predefined OU structure, so being able to dump the accounts in this OU would be great. Mind you, our OU is not exactly standard for example CompanyA in Labtech might be "ou=AdminAccounts,ou=Admin,ou=companyA,dc=company,dc=local" whereas companyB might be "ou=AdminAccounts,ou=Admin,ou=compB,dc=company,dc=local". That does gets slightly trickier to work around without specifiying the admin OU for each location (which is a tiresome process but I guess that is what you get if you don't standardize).

 

Unfortunately we also have clients that don't have domains (yeah I know!) and it would be nice to have an option to say "NoDomain = local user accounts on all computers"

 

Is there any update notification/self updating logic or do we just need to watch this thread for new updates?

 

I'm not familiar with plugin development, but does the plugin utilize scripts in Labtech or is everything hard coded in the DLL?

59ec943d4ea8c_Screenshot-3_31_201610_03_50AM.png.67e1d029c640cb45905514a451898133.png

Share this post


Link to post
Share on other sites
This tool is awesome ... it is looking good.

thank you

 

 

add this forums' URL to the readme notes ... (assuming this forum thread is the official location?)

no official home for this plugin yet

 

 

if we could customize the name format ... Also the ability to change the OU that the accounts get created in

i kept it simple. adding customization like this would require a lot of end user testing/debugging. i'm not really prepared for that.

 

 

changed to set the UserLogon name instead of the pre Windows 2000 version?

i really want to set both. i just don't know how yet. i need to research.

 

 

we also have clients that don't have domains (yeah I know!) and it would be nice to have an option to say "NoDomain = local user accounts on all computers"

hmm. not just the 1 service account but all users. it could be done.

local accounts are a new thing for this plugin and I'm still worried about threading the labtech server to death.

so i'm still thinking about the best way to handle touching all agents.

 

 

Is there any update notification/self updating logic

no. no real home for this plugin yet.

 

 

does the plugin utilize scripts in Labtech or is everything hard coded in the DLL?

the code is all in the DLL, no scripts.

it does create a few database tables.

Share this post


Link to post
Share on other sites
changed to set the UserLogon name instead of the pre Windows 2000 version?

i really want to set both. i just don't know how yet. i need to research.

 

To fix the userlogin information, update the user creation command to include -samid %username% and the upn can be set with -upn %username%@domain.com

I can see the tricky bit obtaining the domain part for the upn.

 

ie this command sets the user account, 2000 login and the upn to different names (to show off)

dsadd user "cn=adminflastname,ou=MYMSP User accounts,dc=contoso,dc=local" -fn Firstname -ln lastname -display AdminALastname -pwd P@ssword1 -email ahlastname@mymsp.com -samid adminalastname6 -upn alastname7@contoso.com

 

The only reason I see the upn being necessary is for accounts that have dirsync enabled with Office365 - without the UPN being filled out, they won't synch up to office365 and therefore our users would not be able to administer the office365 account.

 

 

Hope that helps a bit

Share this post


Link to post
Share on other sites
To fix the user login information, update the user creation command to include -samid %username%

 

I'm already setting the samid

Share this post


Link to post
Share on other sites

I am a brand new Labtech user. We have quite a few customers with workgroup computers (not domain). Most of these users only have one user id on their computer so when they turn it on it goes right to their desktop, does not prompt for password. Users that do have passwords only see their account on the windows login screen. I believe that if we create another local account (admin level) to use with labtech, this admin account will show up on these user's login screens, which will be very confusing and will expose the user id to the end user. Any way of getting around this? Ideally, we want to create a local admin account, on workgroup computers to use with labtech, but do not want it to change the user's experience. Will your MSP Accounts plugin allow us to do this?

Share this post


Link to post
Share on other sites
on workgroup computers to use with labtech, but do not want it to change the user's experience. Will your MSP Accounts plugin allow us to do this?

 

i don't think so

we always make users upgrade to Pro versions of windows and preferably join a domain

Share this post


Link to post
Share on other sites

I have an admin account for each location that I don't want to to change (ie, it is in all the Exchange and Enterprise admin groups needed for Exchange Management). Is there a way to leverage this existing account with the Manage Location tab?

Share this post


Link to post
Share on other sites
I have an admin account for each location that I don't want to to change (ie, it is in all the Exchange and Enterprise admin groups needed for Exchange Management). Is there a way to leverage this existing account with the Manage Location tab?

 

No. It wants to manage its own accounts.

(we had the same issue where we had to go in and reassign Exchange permissions. it's worth it in the long run.)

Share this post


Link to post
Share on other sites

OK. I have assigned a new user and will begin adding the correct permissions to it.

 

On a side note (not sure if this was discussed previously), I was having issues saving the Exclusions for the "Manage locations" tab. We found that the table in the DB was limited to 50 chars. I upped that to 150 and I am now able to save all exclusions. Let me know if there is any issue with this change.

 

Thanks!

Share this post


Link to post
Share on other sites
I was having issues saving the Exclusions for the "Manage locations" tab. We found that the table in the DB was limited to 50 chars. I upped that to 150 and I am now able to save all exclusions. Let me know if there is any issue with this change.

 

Thanks!

 

 

I thought I fixed that in version 2.16.3.26

are you running an older version?

Share this post


Link to post
Share on other sites

MrRat,

 

Can you update the link to the latest 2.16.3.26 download. The current download is still for 2.16.3.23. Also, have you corrected so the plugin shows up in the Plugin Manager?

 

Regards,

 

Jeff

Share this post


Link to post
Share on other sites

After testing I rolled this out and found out some of my users were not created in AD. the plugin showed the user was already there, so ran the script to remove the user. Then reran to include the user. User still does not appear - Not sure why yet - the output from this user is below (domains changed)

domain1.tls: Creation of user failed.

cp2k.corp.cpi.domain2.net: Creation of user failed.

domain3.local: User created but failed to add to Domain Admins.

dom4.local: Nothing was logged.

dom5.local: Creation of user failed.

dom6.local: Nothing was logged.

dom7.local: Nothing was logged.

dom8.local: Creation of user failed.

dom9.local: User created but failed to add to Domain Admins.

Are there any other logs generated somewhere so i can get more details?

Running ver version 2.16.3.23

Share this post


Link to post
Share on other sites

Update - I ran the command manually to add this user to domain1.tls at Manage Locations, selected location, selected add user and added the user successfully. I was able to add the user to all of the other locations with no problems.

The locations with "nothing was logged" already seemed to have the user in existence. (but because the user existed, the domain admin membership did not take place.

As a feature, it would be nice to add the user to all locations again even if the system thinks the user exists rather than doing them individually one at a time.

Share this post


Link to post
Share on other sites

Plugin updated to 2.16.05.31

(requires restarting Database Agent after installing updated DLL)

 

Fixes

----

New GUID so it doesn't conflict with existing plugins. (thanks to rgreen83)

Expanded Excluded Locations column to raise limit on excluded locations. (thanks to hugoh)

 

 

(should have been fixed in a previous release but changes never made released plugin so I rebuilt the DLL and verified changes)

Edited by Guest

Share this post


Link to post
Share on other sites
can you post some screenshots? this looks super useful

 

screenshots are in the first couple posts in this thread

Share this post


Link to post
Share on other sites
Update - I ran the command manually to add this user to domain1.tls at Manage Locations, selected location, selected add user and added the user successfully. I was able to add the user to all of the other locations with no problems.

The locations with "nothing was logged" already seemed to have the user in existence. (but because the user existed, the domain admin membership did not take place.

As a feature, it would be nice to add the user to all locations again even if the system thinks the user exists rather than doing them individually one at a time.

 

 

thank you for following this through. what i really need to do is have the plugin do some troubleshooting and provide better error messages and then provide a way to deal with them.

(im going to have to have a lot of free time to implement this stuff)

Share this post


Link to post
Share on other sites

I have a new one. My new Service Account has expired (I have Auto change set to 89 days for my users). I need to update just the service account password, how do I get that done? ie, I don't want to make my users change their password more often, but this particular client updates more frequently than 89 days.

Share this post


Link to post
Share on other sites
I have a new one. My new Service Account has expired (I have Auto change set to 89 days for my users). I need to update just the service account password, how do I get that done? ie, I don't want to make my users change their password more often, but this particular client updates more frequently than 89 days.

 

That's a use case I hadn't considered. You could login to Labtech as the service account, that would let you change it's password.

Share this post


Link to post
Share on other sites

Now working fine!

 

Fantastic plugin, thanks very much for your efforts with it.

 

When you are setting the service account across all locations, do you have to apply that each time you add a location? Will I need to do the Manage Users > Add User on all new locations?

Share this post


Link to post
Share on other sites
Fantastic plugin, thanks very much for your efforts with it.

 

thank you

 

When you are setting the service account across all locations, do you have to apply that each time you add a location? Will I need to do the Manage Users > Add User on all new locations?

 

When you add a new location you would go to Manage Locations > Select Location > Select Add All Users > Execute Selected Action

the "Add All Users" action adds the designated service account to the location.

Share this post


Link to post
Share on other sites

I am receiving this for a specific location when creating an individual user:

 

The given key was not present in the dictionary.

 

I found the account was locked out, so I updated the password manually and made sure the accounts on the password tab were updated as well.

 

Sorry, was supposed to say I was still getting the error following changing the password.

Share this post


Link to post
Share on other sites

I've been watching this thread for awhile, finally going to get around to implementing. Great work MrRat.

 

Does it copy group memberships from the existing domain administrator? E.g. Exchange Admin groups, etc

Share this post


Link to post
Share on other sites

It does not copy permissions.

 

I set up a script to add the permissions via powershell. I copy down a ps1 and a text file with the user accounts I want to edit.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×