A large school district with more than 120 campuses` was having difficulty using their Paxton access control system, which was set up with 4 separate servers to accommodate the size of the school district. Over time, as more users needed to be added to the system, it became laborious, as they would have to add each new personnel 4 times (or to each server). With limited functionality and tight budgets, the school security director called on the Open Options Professional services team to provide an enterprise solution that would rid them of the limited functionality. The answer was DNA Fusion.
“To start, we had to create a Powershell script for the system to assist with day-to-day management until they have completed the overall project,” stated Michael Digby, Professional Services & Sales Engineer for Open Options. “We initially were called to a meeting by the school to provide a plan to upgrade to DNA Fusion, but before we could meet, a tropical storm forced the district to close. At this point we had to work quickly before the storm hit.”
Meanwhile, back at the Open Options headquarters, the Professional Services team got to work quickly to set up a mock database that would re-creating some of their Active Directory structure to ensure the script could handle the number of access levels/security groups the District had. Along with the script there was also an issue with the naming convention of the access levels versus the security groups, so a bit of programming had to be done to create a table to match them correctly.
With ETA hurricane lurking on the horizon, it didn’t stop the team from laying out a plan for the district to use while they move to DNA Fusion completely. To do this, the team had to be given access to the network, VPN and server. Once the access was granted, the team began testing PSAD Script, which then alerted the team to an issue. After much investigation, it was discovered that the server was only configured with 4 GB of RAM and, to complete a scan of the 128 ODX packages, it took almost an hour!
At this point the Open Options team notified the customer that this delay meant the AD portion of ODX was not real-time, and the team suggested bumping the RAM up. Due to a delay of packages being scanned, the team used the remainder of the day to start going over items sent earlier.
The Challenge: Knowing that the District was having to remove access levels manually from personnel records, which was taking many hours to do, and with a hurricane approaching, the team had very limited time to create a solution. With no time to waste, the team set up quickly an in-house solution that they were able to develop and test. They created a plan to utilize Powershell to scan Active Directory Security Groups. This script handles adding and removing access levels based off Active Directory accounts being added or removed to Security Groups. The other task while on-site was to address a list of topics to help in the interim, and it helped explain why/how to use different features within DNA Fusion.
The team arrived on-site and started working on testing the PS AD Script. Due to the delay with OpenDX and even with the RAM being increased to 8 GB, all the existing scripts were disabled.
“This allowed for faster testing of the new scripts being implemented said Digby. I modified the Powershell script to pull info from nested AD Security Groups and setup Task Scheduler to run batch file every hour. I tested several access levels and removals before enabling scanning of all AD Security groups and emailed the customer to move the test user into several new AD Security groups to confirm functionality. Soon after Hurricane Eta hit, the district closed down the schools. In the end, we managed to configure and build an interim solution before the storm hit.”
Once again, the Professional Services Team at Open Option proves there are no limits in aiding customers!