Thursday, May 7, 2009

Google Apps user provisioning

Google Apps user Provisioning
Last time I wrote about Outlook Live, but hey, there's an other bloke in town. It's Google Apps. For educational purposes its free. But how to manage it? Well that was some interesting problem to solve. Google advices to send requests by some threads in the background. But UMRA is not designed that way. Why not? Well in UMRA we have scripts, those scripts consists out of actions. For example 'create user in ad' or 'set value into variable' or 'if-then-else' or 'goto' etc. every action has a label (important for the if-then-else and goto constructions) and every action has properties. The property set differs of course per action. The create user in ad action has lots of properties to specify name, rights, profile etc. Those actions also have an on-error handling. The script is executed in sequence. So if the action 'create user in google' was processed in a background thread. We would not know if this action succeeded or not. So the on-error handling could not work.

That caused an interesting challenge when I was designing those actions. But I found a solution in the end (would I blog about it if I didn't? ;-)).

Well if you are not interested in all the technical stuff.. just read on at 'Finally'

When a user is created into the Google Apps domain by UMRA its not created immediately it's put in a cache. When I add this user to a group, this action could only succeed when the user is created correctly, so the second action depends on the first. With all the stuff in Google (users, nicknames, groups) a huge combination of dependency had to be worked out. Also we want to have some efficiency. So if I create a user, add it tot a group and then, I remove the user, nothing should happen when the user was not yet created, but when it was, it has to be removed.

So not only I want to put all my Google Apps user provisioning actions in the background, I want them to execute in a special order, in PowerShell v1. So what I need is a thread pool and a thread object. The thread object has a own PowerShell host and pipeline, it has its own status (running, successfully executed, failed, etc.) it can be depending on an other thread object and the the users, groups, nicknames etc. in the cache are connected to there thread objects. Well after putting all parts together I've created my super fast, multi threaded Google Apps user provisioning engine for UMRA.

Some other is issue is that Google Apps will not allow to many requests after each other. So when they send back this 'to many requests' state I have to wait and try again. But after building all those exception handling etc. Everything is working fine.

Finally I've created a function which will check every finished thread in the pool for its status, and send it back to UMRA. When the state is send back to UMRA the thread is removed. This function can go on until all threads are removed. Neat huh.

Now we at Tools4ever can offer you a fast and reliable solution for Google Apps user provisioning. For more information just contact your local Tools4ever reseller.

Happy Connecting...

No comments: