@Rich Matheisen
Hello Rich,
Forgot to mention, this is all currently on prem.
Interesting questions. The Dev team primarily work in C# and JavaScript, with a smattering of legacy VB for some older ASP.NET stuff, and of course we write SQL often.
The Inf team I know less about; they certainly don't work with any of the above languages, they do not use Visual Studio, and they do write PowerShell scripts, I think.
We (Dev) maintain code that we author; it becomes our responsibility once released, and this includes bug fixing, enhancements, etc.
There are three broad problems at the root of the work assigned to me:
- Be able to regularly (daily, twice daily, whatever) upsert user data that currently sits inside our database into AD.
- (Less urgently, phase 2 so to speak) be able to upsert a user in a more real-time manner: if a user's name, for example, gets changed, have AD updated right away or as close to that as possible.
- Start to upsert additional user data with a view to having our ADFS provide richer information in the form of claims data.
My brief research and your reply seem to tell me that this (with the exception of 2.) does not require the design, development and testing of a new console app or Windows Service to actually do the upsert; it seems that PowerShell scripts can be written, or tools like MIM etc. leveraged, to do this out of the box.
Writing a .NET app that does this strikes me as a bad idea, because the detail we'd need to write the code requires a sound understanding of the .NET libraries for AD, and testing this becomes complex because it involves both Dev and Inf working closely together, and could lead to bugs etc. that impact the overall quality of the AD system.
I cannot see any reason for anyone to write .NET code to do this. AD already has most of our users in it; these get into the system in various ways, and writing code to do that would mean we have to write code that mirrors these other ways. Dev currently play no role in getting user info into AD, and once we start to do that we have a whole new area of risk.
Let me know if you share this view. I want to reach out later to a few people and state that this is my advice based on research and experts that I have discussed it with; because I hardly know anything about AD or ADFS, I cannot state an opinion until I've dug down like this.
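As an added illustration of the scheduled "upsert from our database into AD" approach described in the first bullet (example code, not the poster's or any vendor's own), the script below reads active users from SQL Server and changes only the AD attributes that actually differ; the server "SQL01", database "HRApp", table "dbo.Users", the staging OU and the column names are all assumptions.

```powershell
# Assumed environment: SQL Server "SQL01", database "HRApp", table dbo.Users with columns
# EmployeeId, SamAccountName, GivenName, Surname, Department, Title. Run under a service
# account delegated write access to only these attributes and to the staging OU.
Import-Module ActiveDirectory
Import-Module SqlServer

$DryRun = $true   # flip to $false once the -WhatIf output has been reviewed with Inf

$Query = @"
SELECT EmployeeId, SamAccountName, GivenName, Surname, Department, Title
FROM dbo.Users WHERE IsActive = 1
"@

# Only the attributes this job is allowed to own: SQL column -> LDAP attribute name.
$AttributeMap = @{ GivenName = 'givenName'; Surname = 'sn'; Department = 'department'; Title = 'title' }

$rows = Invoke-Sqlcmd -ServerInstance 'SQL01' -Database 'HRApp' -Query $Query

foreach ($row in $rows) {
    # Match on employeeID, which is stable, rather than on a name that phase 2 says can change.
    $escaped = ([string]$row.EmployeeId) -replace "'", "''"
    $user = Get-ADUser -Filter "employeeID -eq '$escaped'" -Properties ([string[]]$AttributeMap.Values)

    if ($null -eq $user) {
        # No AD match: create the account disabled in a staging OU so Inf can review it
        # before anyone can log on with it.
        New-ADUser -Name "$($row.GivenName) $($row.Surname)" -SamAccountName $row.SamAccountName `
            -GivenName $row.GivenName -Surname $row.Surname -EmployeeID $row.EmployeeId `
            -Path 'OU=Staging,DC=corp,DC=example' -Enabled $false -WhatIf:$DryRun
        continue
    }

    # Work out which attributes differ; an empty source value becomes a -Clear, because
    # -Replace rejects empty strings.
    $replace = @{}; $clear = @()
    foreach ($col in $AttributeMap.Keys) {
        $attr = $AttributeMap[$col]
        $new  = [string]$row.$col
        if ($new -eq [string]$user.$attr) { continue }
        if ($new -eq '') { $clear += $attr } else { $replace[$attr] = $new }
    }
    if ($replace.Count -eq 0 -and $clear.Count -eq 0) { continue }

    # Log the change set before applying it; the transcript doubles as an audit trail.
    Write-Output ("{0}: replace [{1}] clear [{2}]" -f $user.SamAccountName, ($replace.Keys -join ','), ($clear -join ','))
    if ($replace.Count -gt 0) { Set-ADUser -Identity $user -Replace $replace -WhatIf:$DryRun }
    if ($clear.Count   -gt 0) { Set-ADUser -Identity $user -Clear   $clear   -WhatIf:$DryRun }
}
```

Running it first with `$DryRun = $true` prints every account that would be created or changed without touching AD, which is the review step Dev and Inf can walk through together before scheduling it.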