How to easily create user accounts from PowerSchool

PowerSchool is a trusted market leader in the education industry that offers a scalable, end-to-end student information system (SIS). Designed for both administrators and teachers, PowerSchool SIS lets users complete daily tasks in just a few clicks, minimizing staff system training and driving high adoption rates.

School districts using the PowerSchool SIS have lots of data contained on the platform, but how do they manage and transfer that data into the Active Directory? Often, the answer is that they do it manually. The IT or helpdesk staff handle the transfer of user data into the Active Directory and other systems. This can be a mundane and burdensome task for skilled IT staff who have plenty of other responsibilities. What's more, the day-to-day provisioning is the least of the staff's worries. The real 'busy season' is at the beginning of the school year, when graduating students' accounts have to be disabled, and hundreds of newly enrolled students have to be imported into the Active Directory or moved into new groups as their grade level changes.

If you are one of the lucky schools that are using PowerSchool, all of these user accounts have profiles. In this case, when a profile is created, a field is also populated to define what the username will be (e.g. lastname_firstinitial). Many ask the question, "What is the best solution for synching information from PowerSchool with the Active Directory in an efficient manner?" A possible solution could be to export data from PowerSchool to a .csv file, which can be read in Excel and manipulated (if desired). A script can then read the .csv file and create the users. There are many examples in the script gallery and elsewhere. Scripts do, however, age poorly, and a more common practice in recent years is to use an automatic connector that creates the logic. With an automatic connector in place between PowerSchool and the network, changes made in PowerSchool are detected by the connector and automatically applied across the network.

The benefits of an automated connection between PowerSchool and administrative software include:

  • Complete consistency of user accounts in the SIS and the network (Active Directory, for example)
  • Faster turnaround times for creating accounts
  • Account creation is more accurate and has less room for human error
  • The ability to apply a workflow for approvals and downstream provisioning

Here is an example of the logic a script that creates users from the .csv file has to follow:

  • A header line would be best, defining the comma delimited fields.
  • One field must specify the “Name” of the new user. This will be the value of the cn attribute (the Common Name).
  • Either another field must specify the value of the sAMAccountName attribute (the pre-Windows 2000 logon name), or the script must assume that the cn and sAMAccountName attributes have the same value.
  • Either another field must specify the distinguished name of the parent OU or container (the OU or container in AD where the object will be created), or this must be hard coded in the script (and thus be the same for all newly created users).
  • All other attributes are optional, such as givenName (first name), sn (last name), displayName, etc.
  • The value of the cn attribute is limited to 64 characters.
  • The value of the sAMAccountName attribute is limited to 20 characters.
  • The following characters are not allowed in sAMAccountName values: " [ ] : ; | = + * ? < > / ,
  • The value of the cn attribute must be unique in the parent OU or container.
  • The value of the sAMAccountName attribute must be unique in the domain.
  • If any of the following characters appear in the cn, they must be escaped with the backslash, "\", escape character: , # + < > ; " =
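
The field rules above can be applied as a pre-flight check on the exported file before any account is created. The PowerShell below is an added example, not code from PowerSchool, Microsoft or the original article; the column names (Name, SamAccountName, ParentOU), the sample rows and the example.org domain are constructed, and uniqueness is checked only within the file, not against the directory.

```powershell
# Constructed sample export. Column names Name, SamAccountName and ParentOU are assumptions.
$csv = @'
Name,SamAccountName,ParentOU
"Smith, John",smith_j,"OU=Students,DC=example,DC=org"
Jane Doe,doe_j,"OU=Students,DC=example,DC=org"
Bad Logon,doe+j,"OU=Students,DC=example,DC=org"
Long Logon,averyveryverylonglogonname,"OU=Students,DC=example,DC=org"
Jane Doe,DOE_J,"OU=Students,DC=example,DC=org"
'@

$badSam     = '["\[\]:;|=+*?<>/,]'   # not allowed in sAMAccountName (list above)
$escapeInCn = '([,#+<>;"=])'         # must be backslash-escaped in the cn (list above)
$seenSam = @{}   # sAMAccountName must be unique in the domain
$seenCn  = @{}   # cn must be unique within its parent OU or container

$report = foreach ($row in ($csv | ConvertFrom-Csv)) {
    $problems = @()
    $cn  = "$($row.Name)".Trim()
    # Use the cn as the logon name when the export has no separate value.
    $sam = "$($row.SamAccountName)".Trim()
    if (-not $sam) { $sam = $cn }

    if (-not $cn)            { $problems += 'Name (cn) is empty' }
    if ($cn.Length -gt 64)   { $problems += 'cn exceeds 64 characters' }
    if ($sam.Length -gt 20)  { $problems += 'sAMAccountName exceeds 20 characters' }
    if ($sam -match $badSam) { $problems += 'sAMAccountName has a disallowed character' }

    # Hashtable keys are case-insensitive, matching how AD compares these values.
    $cnKey = "$($row.ParentOU)|$cn"
    if ($seenSam.ContainsKey($sam))  { $problems += 'duplicate sAMAccountName in file' }
    if ($seenCn.ContainsKey($cnKey)) { $problems += 'duplicate cn in the same parent OU' }
    $seenSam[$sam]  = $true
    $seenCn[$cnKey] = $true

    [pscustomobject]@{
        SamAccountName    = $sam
        DistinguishedName = 'CN={0},{1}' -f ($cn -replace $escapeInCn, '\$1'), $row.ParentOU
        Problems          = $problems -join '; '
    }
}

# Rows with an empty Problems column are ready for the account-creation step.
$report | Format-Table -AutoSize -Wrap
```

In the sample, the first row shows the comma in "Smith, John" escaped in the distinguished name, and the last row is flagged twice because both its cn and its logon name repeat an earlier row.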