We are implementing a mobile device management product called Airwatch. The product will require pre-approval to use and will be a prerequisite to being allowed to connect a mobile device to ActiveSync. Soon we will need to regularly disable ActiveSync for everyone who isn't on the 'approved' list, which will change over time. Currently this list is split up on multiple sheets within a single Excel workbook. Some sheets have a header and others do not, and the names are always in column A at this time. I would assume some how we need to add information to this source document which can be cross referenced to the domain account, and it needs to be able to be found by a non-admin.
I'm looking for the most efficient way to have a non-admin easily manage the approved list but also have it available in a format which we can use to regularly update a security group. Then we would have a scheduled task on the database server to disable ActiveSync for all and re-enable it for only those in the security group. I'm concerned about the gap between what is easy to maintain and readable for the non-admin and what they would need to do to generate the conversion for the security group file. We have a custom schema extension for all employees named EmployeeID which is unique per person but I don't know if we could reference that in the source file to build the membership.
I found this powershell code, but the friendly parameters are DN & SAMAccountname, which might be difficult for the non-admin to determine:
Import-CSV $file | % {$myGroup | Add-ADGroupMember -Members $_.Alias}
Keep all the names in one Excel sheet, and export to a CSV regularly? Other ideas?
Thanks!