Z-Hire V5 Administration Guide


    The main purpose of Z-Hire is to allow fast account deployment. Usually, when an administrator provisions a new user account, multiple consoles are used to get the job done. Z-Hire uses a template concept that allows system administrators to save frequently used settings for multiple IT systems. With a single click, the user's Exchange mailbox, Active Directory account, Lync account and SalesForce account are created simultaneously. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT accounts, with the option to run custom PowerShell scripts.

    Requirements

    System Requirements

    - Windows 7 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)

    - Windows Server 2008 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)

    - Windows Server 2008 R2 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)

    - Windows Server 2012 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)

    Permission Requirements

    For on-premise systems, Z-Hire uses the current Windows logon credentials to create user accounts, avoiding the hassle of entering credentials manually. You may use the Run-as function to run Z-Hire under a user account with the proper permissions. This is why you must run Z-Hire on a domain-joined computer while logged on with credentials that have the permissions below:

    - Ability to create Active Directory user (Active Directory Account Operator)

    - Ability to create Exchange Mailbox (Exchange Recipient Administrator)

    - Ability to create / enable Lync user (CSAdministrator)

    Supported Environments

    - Active Directory (all versions)

    - Exchange 2007 (all versions)

    - Exchange 2010 / 2013 (all versions)

    - Lync 2010 / 2013 (both Standard and Enterprise versions)

    - SalesForce Cloud

    - Office 365 Cloud

    PowerShell Remoting

    - PowerShell remoting is usually enabled by default, but please make sure it is enabled on the Exchange and Lync servers you are connecting to.

    - Ensure all Exchange/Lync servers are enabled for PS remoting. This is done by running the "Enable-PSRemoting" PowerShell command on each Exchange/Lync server you wish to connect to.

    - Fill out the "Environment Config" portion of the form. Use "File" > "Save Environment Config" to save the configuration to the selected template.

    - Use Options > Environment Auto Discover to automatically load the environment configuration.
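
    A pre-flight check for the Permission Requirements and PowerShell Remoting items above, as an added example that is not part of Z-Hire or the original guide. The server names are hypothetical placeholders, and the Exchange group name is an assumption that depends on your Exchange version.

```powershell
# Added example, not part of Z-Hire. Server names are hypothetical placeholders.
$Servers = @('exch01.mydomain.net', 'lync01.mydomain.net')
# Groups from "Permission Requirements". The guide names the Exchange role
# "Exchange Recipient Administrator"; the actual group name in your forest is an
# assumption here and differs between Exchange versions, so adjust it.
$RequiredGroups = @('Account Operators', 'Exchange Recipient Administrators', 'CSAdministrator')

function Get-TransitiveGroupName {
    # Ask AD for every group the current user belongs to, directly or through
    # nesting (LDAP_MATCHING_RULE_IN_CHAIN). This also returns domain Builtin groups
    # such as Account Operators, which are absent from a token on a member computer.
    $user = ([adsisearcher]"(&(objectCategory=person)(sAMAccountName=$env:USERNAME))").FindOne()
    if (-not $user) { throw 'Current user not found in Active Directory.' }
    $dn = [string]$user.Properties['distinguishedname'][0]
    # Escape characters that are special inside an LDAP filter value.
    $dn = $dn.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $search = [adsisearcher]"(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$dn))"
    $search.PageSize = 500
    $search.FindAll() | ForEach-Object { [string]$_.Properties['samaccountname'][0] }
}

function Test-ZHirePrerequisite {
    param([string[]]$ComputerName, [string[]]$GroupName)
    $held = @(Get-TransitiveGroupName)
    foreach ($g in $GroupName) {
        # -contains is case-insensitive, matching how AD compares account names.
        New-Object PSObject -Property @{ Check = "Group: $g"; Passed = ($held -contains $g) }
    }
    foreach ($c in $ComputerName) {
        # Test-WSMan succeeds only if the WinRM listener that Enable-PSRemoting
        # configures answers on the target server.
        $ok = $true
        try { Test-WSMan -ComputerName $c -ErrorAction Stop | Out-Null } catch { $ok = $false }
        New-Object PSObject -Property @{ Check = "WinRM: $c"; Passed = $ok }
    }
}

Test-ZHirePrerequisite -ComputerName $Servers -GroupName $RequiredGroups |
    Select-Object Check, Passed | Format-Table -AutoSize
```

    Run it in the same logon or Run-as session that will launch Z-Hire, since the result reflects that account.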

    Templates

    The Templates feature allows an administrator to easily save a set of commonly used user information. This speeds up the account deployment process. For example, you can set a template for each business department, such as Marketing; in a Marketing template, you may select a list of marketing Active Directory groups, the marketing mailbox database, the marketing users' ActiveSync policy, etc.

    Load Template Settings - Use the drop-down box to load template settings. You can also use the Search function to search for templates.

    Save Template Settings - Use File > Save Configuration to save template settings. Settings will be saved to the current template.

    Hide / Unhide Systems

    You may hide unused systems by going to OPTIONS > Show/Hide Systems.

    Generate User Summary Information

    This option writes the new hire's data, such as Firstname, Lastname, Displayname, SamAccountName, Password, SMTP Address, etc., to a text file in the same directory as Z-Hire. The intent is to allow system administrators to easily copy this information from the text file into the new hire documentation that will be delivered to the end user. Note that this option writes the new user's password to the text file.
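
    Because the summary file contains the new user's password, one way to limit who can read it is to replace its permissions, shown here as an added example that is not part of Z-Hire or the original guide. The file path is a hypothetical placeholder; the guide only says the file is written to the same directory as Z-Hire.

```powershell
# Added example, not part of Z-Hire: restrict a user summary file so that only the
# administrator who generated it, local Administrators and SYSTEM can open it.
function Protect-SummaryFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl = Get-Acl -Path $Path
    # Stop inheriting permissions from the Z-Hire folder and drop the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries that are already present on the file.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

    $me     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $admins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')  # BUILTIN\Administrators
    $system = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')      # NT AUTHORITY\SYSTEM
    foreach ($sid in @($me, $admins, $system)) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'FullControl', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl

    # Return the resulting entries so the change can be verified.
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# Hypothetical file name and folder; substitute the file Z-Hire actually wrote.
Protect-SummaryFile -Path 'C:\Z-Hire\john.doe.txt'
```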

    Active Directory

    [ENVIRONMENT CONFIG]

    New Users AD OU - This is the DN of the OU where new Active Directory users will be created. Example: ou=newusers,dc=mydomain,dc=net

    UPN Suffix - This is your AD domain name in FQDN format. It is used as the UPN suffix of the Active Directory account. Example: mydomain.net. This domain is automatically appended to the UPN field under User Information.

    User Account Formats - Here you can specify the user account format for your AD environment. Use variables to set the format you wish. For example, if your Displayname format is Doe, John use %lastname%, %firstname%. Variables must be in lowercase, and spaces in the format will affect the end result.

    Default Password - This is the password that will be set for the new AD account. Make sure it meets your domain password complexity requirements.

    Must change password at next logon - This is the same as the ADUC console option for must change password at next logon.

    [USER CONFIG] TAB 1

    Office - This sets the Office Active Directory attribute for the new AD account.

    Street - This sets the Street Active Directory attribute for the new AD account.

    City - This sets the City Active Directory attribute for the new AD account.

    State / Province - This sets the State Active Directory attribute for the new AD account.

    Zip / Postal Code - This sets the Zip code Active Directory attribute for the new AD account.

    Country / Region - This sets the Country Active Directory attribute for the new AD account.

    Account Disabled - Disables the new AD account.

    Password never expires - Sets the new AD account status to password never expires.

    Company - This sets the Company Active Directory attribute for the new AD account.

    Department - This sets the Department Active Directory attribute for the new AD account.

    Manager - This is the SamAccountName or Displayname of the manager.

    Notes - This sets the Notes Active Directory attribute for the new AD account.

    [USER CONFIG] TAB 2

    Profile Path - This sets the profile path of the AD account.

    Logon script - This sets the logon script of the AD account.

    Home Folder Path - This sets the home folder path for the AD account, then creates the folder with the specified permissions. You may use variables here such as %username%. Example: Netapp01\users\%username%

    Remote Access Permission - This sets the remote access permission for the new AD account.

    [USER CONFIG] TAB 3

    departmentNumber - This sets the departmentNumber attribute of the AD account.

    division - This sets the division attribute of the AD account.

    employeeID - This sets the employeeID attribute of the AD account.

    employeeNumber - This sets the employeeNumber attribute of the AD account.

    employeeType - This sets the employeeType attribute of the AD account.

    JPG Photo - This sets the jpegPhoto and thumbnailPhoto attributes of the AD account. Note that this photo must be less than 10k in size and 96x96 pixels. Z-Hire will automatically resize it to spec if the requirements are not met. This photo is usually used for Outlook and Lync.

    Exchange 2007

    Exchange 2007 Management Shell - The Exchange 2007 Management Shell must be installed on the computer that is running Zohno Z-Hire.

    Mailbox Database - Exchange 2007 Mailbox Database. Example: EX01\Storage Group1\DB1

    Managed Folder Policy - Exchange 2007 Managed Folder Policy.

    ActiveSync Policy - Exchange 2007 ActiveSync Policy.

    Additional SMTP Address - Full SMTP address of the additional SMTP address. Example: [email protected]

    CustomAttribute1 - Sets the Exchange mailbox CustomAttribute1.

    Hidden from GAL - Hides the Exchange mailbox from the Global Address List.

    Grant full access permission - Same as running Add-MailboxPermission fullaccess.

    Grant send on behalf of - Same as running Add-ADPermission.

    Forward to - SamAccountName of the user to whom mail will be forwarded.

    Issue warning at - "Issue warning at" quota for the mailbox. If this field is blank, the database default quota is used.

    Prohibit Send at - "Prohibit send at" quota for the mailbox. If this field is blank, the database default quota is used.

    Prohibit send and receive at - "Prohibit send and receive at" quota for the mailbox. If this field is blank, the database default quota is used.

    Keep deleted items for - "Keep deleted items for" quota for the mailbox. If this field is blank, the database default quota is used.

    Exchange 2010 / 2013

    Exchange 2010 Server - FQDN of the Exchange 2010 CAS or Mailbox Server.

    Mailbox Database - Exchange 2010 Mailbox Database. Example: MailboxDatabase01

    Archive Database - Exchange 2010 Archive Mailbox Database. If this field is set, an archive mailbox will be created for the user.

    Retention Policy - Exchange 2010 Retention Policy.

    ActiveSync Policy - Exchange 2010 ActiveSync Policy.

    Managed Folder Policy - Exchange 2010 Managed Folder Policy.

    Additional SMTP Address - Full SMTP address of the additional SMTP address. Example: [email protected]

    CustomAttribute1 - Sets the Exchange mailbox CustomAttribute1.

    Hidden from GAL - Hides the Exchange mailbox from the Global Address List.

    Grant full access permission - Same as running Add-MailboxPermission fullaccess.

    Grant send on behalf of - Same as running Add-ADPermission.

    Forward to - SamAccountName of the user to whom mail will be forwarded.

    Issue warning at - "Issue warning at" quota for the mailbox. If this field is blank, the database default quota is used.

    Prohibit Send at - "Prohibit send at" quota for the mailbox. If this field is blank, the database default quota is used.

    Prohibit send and receive at - "Prohibit send and receive at" quota for the mailbox. If this field is blank, the database default quota is used.

    Keep deleted items for - "Keep deleted items for" quota for the mailbox. If this field is blank, the database default quota is used.

    Lync 2010 / 2013

    Lync 2010 FrontEnd Server - FQDN of the Lync 2010 FrontEnd Server role.

    Conferencing Policy - Lync 2010 Conferencing Policy.

    External Access Policy - Lync 2010 External Access Policy.

    Peer-to-Peer Audio Video - Enables or disables Peer-to-Peer A/V.

    Registrar Pool - FQDN of your Lync registrar pool.

    SIP Domain - Lync 2010 SIP domain.

    Archiving Policy - Lync 2010 Archiving Policy.

    SipAddressType - Choose your Lync SIP address type.

    Client version policy - Lync 2010 Client version policy.

    PIN Policy - Lync 2010 PIN Policy.

    Location Policy - Lync 2010 Location Policy.

    Client Policy - Lync 2010 Client Policy.

    Custom Script

    Custom script allows administrators to extend the functionality of Z-Hire by running an additional PowerShell script before or after the creation of a new user. Make sure the PowerShell command Set-ExecutionPolicy unrestricted has been run. Z-Hire also allows script argument customization. If you want to pass the new hire's SamAccountName as an argument, simply choose SamAccountName. If you have more than one argument, use the read-host command within PowerShell instead of a script argument. Since Z-Hire will spawn an instance of PowerShell, you can use interactive commands such as read-host and write-host.

    Script Path - Local path of your script. No spaces are allowed in the path.

    Script Argument - Argument for the PowerShell script. This field is not required. Usually this is the SamAccountName. For example, if the script path is c:\scripts\dosomething.ps1 and the argument is SamAccountName, the script command will be c:\scripts\dosomething.ps1 john.doe

    Script Sequence - Choose whether the PowerShell script runs before or after creating a user.
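
    A script that the Script Path field could point to when the sequence is set to run after user creation, as an added example that is not part of Z-Hire or the original guide. It validates the single SamAccountName argument before using it and records the new account's state. The log path and the naming pattern are assumptions.

```powershell
# Added example for c:\scripts\dosomething.ps1, not part of Z-Hire.
# Z-Hire passes one argument (the guide's example: john.doe).
param(
    [Parameter(Mandatory = $true, Position = 0)]
    # Assumed naming convention. It rejects characters that have meaning in an
    # LDAP filter or on a command line before the value is used anywhere.
    [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
    [string]$SamAccountName
)

$ErrorActionPreference = 'Stop'
$LogFile = 'c:\scripts\zhire-custom.log'   # hypothetical log location

function Write-Log([string]$Message) {
    # One line per run: timestamp, the account Z-Hire ran under, and the outcome.
    $line = '{0:s} {1} {2}' -f (Get-Date), $env:USERNAME, $Message
    Add-Content -Path $LogFile -Value $line
    Write-Host $line
}

# Confirm the account exists before acting on it.
$filter   = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
$searcher = [adsisearcher]$filter
$searcher.PropertiesToLoad.AddRange([string[]]('distinguishedname', 'useraccountcontrol'))
$result = $searcher.FindOne()
if (-not $result) {
    Write-Log "ERROR: $SamAccountName not found; no action taken"
    exit 1
}

# Record the flags that correspond to the "Account Disabled" and
# "Password never expires" options on [USER CONFIG] TAB 1.
$uac          = [int]$result.Properties['useraccountcontrol'][0]
$disabled     = ($uac -band 0x2) -ne 0        # ACCOUNTDISABLE
$neverExpires = ($uac -band 0x10000) -ne 0    # DONT_EXPIRE_PASSWORD
$dn           = [string]$result.Properties['distinguishedname'][0]
Write-Log ("OK: {0} dn='{1}' disabled={2} pwdNeverExpires={3}" -f $SamAccountName, $dn, $disabled, $neverExpires)
```

    An argument that fails the pattern stops the script at parameter binding, before any directory query or log write happens.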