Wednesday, September 16, 2009

Re: Long-term Usernames and Authentication

Jim:

You may want to consider using something like firstname.lastname for
the username, though adding the graduating year as well may help to
avoid name conflicts.

I would, however, be hesitant to use the internal AD structure for
long term authentication for external Web services. I would think
that over time, you would need to have an increasing number of people
with account operator rights mucking around in the AD structure
responding to external customer service issues (like password resets).
And AD does not really have an inherent challenge-response system for
end user self service. It might prove to be more manageable long term
to dump usernames for alumni to a more robust database infrastructure
that can be extended to handle any challenge response needs.

Having said that, if you are already using an AD integrated Web
service (i.e. SharePoint), you could have a sub-domain within AD for
alumni accounts. This would allow you to give account operator rights
to just the sub domain for internal staff to handle customer service
requests without letting them mess with the internal AD
infrastructure.

TJ

On 9/16/09, Jim Heynderickx <jheynder@gmail.com> wrote:
> Hi, All
>
> Here's a nuts and bolts question. We're thinking about our username
> and password system, because
>
> 1) We have 5,000 users competing for the same type of username
> (lastname and first initial).
> 2) We have a large percentage move out of competition each year, but
> then have to have changed usernames and passwords for ongoing online
> alumni services.
>
> Has anyone changed their username protocol to be more permanent? For
> example, I could be heynderickxj07 (with 07 being the year I arrived
> at the school) instead of heynderickxj. That way, I would compete
> with only 1,000 others for username configuration, and moving into the
> future my username would never change, even after leaving the school.
>
> Second question: if we structure the usernames like this, we might
> consider having all authentication remain in active directory (so that
> neither username nor password would change at the point of departure
> for online alumni services). To do that for all users, though, we'd
> need a strong online page for changing or maybe even challenging
> passwords (or requesting a reset password). Any recommendations for
> this solution?
>
> Thanks!
>
> Jim Heynderickx
> Director of Technology
> American School in London
>
> [ For info on ISED-L see http://www.gds.org/ISED-L ]
> Submissions to ISED-L are released under a creative commons, attribution,
> non-commercial, share-alike license.
> RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
>

--
Sent from my mobile device

TJ Rainsford
E: tjrainsford@gmail.com
