You can synchronize student data in the Identity Vault so that it matches the Student Information System at the beginning of the school year. To accomplish this, you have options similar to the ones outlined in Section 5.4, Synchronizing the Identity Vault the First Time. Consult with your Student Information System administrator; the way your application works might influence your choice, and your application vendor might have a recommended approach.
This section describes the options and issues you should consider.
In this section:
For this option, you delete existing student accounts and home directories in the Identity Vault and use to repopulate the Identity Vault “from scratch” at the beginning of the year.
Your Student Information System application recommends this kind of approach.
We recommend this approach; however, you should consult with the administrator of the your Student Information System.
You don’t need to preserve the files that are currently in the home directories.
You have students who are moving to new schools, their home directories need to be moved to a new server, and you don’t want to move them manually.
You have specified different eDirectory templates for different containers or schools, and you need accounts to be updated to match a new eDirectory template when users move to a new container or school.
Stop the driver at the beginning of the summer.
Remove the eDirectory accounts and the home directories.
IMPORTANT:If existing home directories are not deleted along with existing user accounts, the users who are migrated won’t have a home directory. Identity Manager must create the home directory at the same time it creates a user. It can’t grant the newly created user rights to an existing home directory; instead, it gives an error.
If you had existing user accounts with home directories and you didn’t delete the home directories before using , you need to delete them and repeat the migration.
At the end of the summer when the Student Information System is up-to-date for the next school year, start the driver again and use to repopulate the Identity Vault.
See Using Migrate into Identity Vault to Populate or Update the Identity Vault.
You should use when demand for the server is low, such as on a weekend. If you have more than one Zone configured, we recommend you perform the migration one Zone at a time. The migration can take approximately 20 seconds per user and places a load on the server.
For this option, you keep your existing Identity Vault student accounts and update them all at once using at the beginning of the year.
This option involves stopping the driver at the beginning of summer. At the end of the summer when the Student Information System data is ready for the new year, you start the driver again and use to update existing accounts all at once.
To use this option, the driver must be able to associate existing user accounts with a record in the Student Information System. Therefore, all existing user accounts must have either the Student Information System ID entered in the DirXML-sifSISID attribute (you need to do this manually for users who were originally created by hand), or an Identity Manager association created (the driver does this for user accounts it creates).
IMPORTANT:If the ID is not entered or is not correct, creates duplicate User objects instead of updating existing User objects. There is no command to “undo” , so you would need to remove the duplicates manually.
Using moves student accounts to new containers if necessary. However, the driver does not move home directories, so if the student account moves to a container on a new server and you want the home directory to be on the same server, you must move the home directories manually or with third-party software.
Your Student Information System application recommends this kind of approach.
You don’t need student accounts to be re-created based on a new eDirectory template when they move to a new grade or school.
You want to preserve the files in the home directories.
Stop the driver at the beginning of the summer.
When the Student Information System is up-to-date for the next school year, start the driver again and use to synchronize the Identity Vault.
See Using Migrate into Identity Vault to Populate or Update the Identity Vault.
You should use when demand for the server is low, such as on a weekend. If you have more than one Zone configured, we recommend you perform the migration one Zone at a time. The migration can take approximately 20 seconds per user and places a load on the server.
Move home directories as necessary, such as for students who are moving to a new school and whose accounts need to be on a different server.
You can do this manually. Third-party software is also available to move home directories.
For this option, you keep your existing Identity Vault student accounts, and keep them up-to-date by receiving changes as they are entered in the Student Information System over the summer.
You leave the driver running all summer to receive incremental changes from the Student Information System.
The driver moves students from one container to another as their schools and grades are updated in the Student Information System. However, the driver does not move home directories, so if the student account moves to a container on a new server and you want the home directory to be on the same server, you must move the home directories manually or with third-party software.
is not required for this option.
Your Student Information System application recommends this kind of approach.
You want to preserve the files in the home directories.
You don’t need student accounts to be re-created based on a new eDirectory template when they move to a new grade or school.
You need student accounts to be up-to-date all summer, such as for year-round schedules or summer school.
Keep the driver running all summer.
Move home directories as necessary, such as for students who are moving to a new school and whose accounts need to be on a different server.
You can do this manually. Third-party software is also available to move home directories.
If you put students in graduation year containers (see the example in Figure 2-2), you need to update your tree structure each year to accommodate groups of students moving to new schools.
Manually create new graduation year containers under the school containers they are moving to.
In the Global Configuration Values for the driver, update the container DN and template assignments for all groups of students that are moving to a new school.
Make sure the students are placed in the new container. You have three options for doing this, based on how you want to handle student accounts for each new school year:
Option 1 for a New Year: Repopulate the Identity Vault Using Migrate into Identity Vault
Option 2 for a New Year: Update Existing Accounts Using Migrate into Identity Vault
Option 3 for a New Year: Maintain Existing Accounts All Summer
For this option, if you create the new graduation year containers and update the Global Config Values for the driver after the school changes for students have been made in the Student Information System, then you still need to move students manually to the correct container.
After you have tested the change, and all the students have been moved to the new graduation year containers, delete the old containers.
Move home directories as necessary.
You can do this manually. Third-party software is also available to move home directories.