IT strategies aimed at reducing learning loss
10 Reasons Why Your SIS to Active Directory Sync Isn’t Working for Your School
As a result of the pandemic, K-12 IT staff in schools across the country have taken on more tasks and more responsibilities—and the IT function in schools is much more visible. As one IT Director recently quipped, the pandemic brought IT “from the back room to the classroom.”
 
			One of the automations with high and immediate ROI is provisioning your students in Active Directory from your student information system. Like anything, done wrong, it can cost you time and dollars to deal with issues and an ultimate redo. Having done this for more than a decade, we can safely say these 10 reasons stack up as things to watch out for.
#10: There is no sync of your SIS to AD
Is your team creating new student accounts and updating existing accounts manually, one by one? That may have worked in the “before times” when access to digital content was not critical for learning, but no longer.
If you’re an average-sized school district, with 3,000-4,000 students, the effort can be overwhelming. And since students can’t log in without an AD password, you could be facing learning loss as they wait for access.
Bottom Line: Students are losing valuable learning time.
#9: Your AD sync isn’t automated
If your AD is integrated with your SIS, that’s a step in the right direction because you don’t have to manually create new accounts one at a time. But if they don’t automatically sync, you have to import your data from somewhere else, such as a spreadsheet, and run the file through a script every day or every week to create accounts.
This is one step removed from single account entry but it has the downside effect of encouraging “bulking”. This is the effect of waiting until you have enough account changes in the spreadsheet to make it worth the trouble of running the script and dealing with inevitable issues. Still, the kids are waiting for access.
Bottom Line: Students are still losing valuable learning time.
#8: You have an automated sync tool, but it isn’t flexible
Great! You’ve made the leap to syncing your AD with your SIS using an automated tool. Does it follow your data rules and processes or does it require you to conform to its processes and a predetermined set of rules for things like usernames and passwords? If so, it could have significant “knock-on effects” on how you manage users across your school system.
Here are some other examples of how having an inflexible automation tool isn’t working for today’s users, who need highly individualized solutions:
- It doesn’t take care of all your students. Maybe your automation can only handle regular students, but can’t handle students who go to alternative schools, technical centers, students who come in from other locations, or the youngest students.
- It doesn’t update your groups. It doesn’t update all your groups because it isn’t sophisticated enough to determine group placement based on your rules and on different attributes from the SIS.
Bottom Line: You’re working too hard for your integration tool.
#7: Your AD sync only works one way
If your integration tool only allows for one-way syncing—meaning it doesn’t interrogate your AD to see if changes to the system make sense—it may not be meeting your needs. One common problem is student transfers. The SIS pattern of ‘remove from one school and add to another’ can cause duplicates or errors for those students in your AD if the sync does not look in both systems.
Bottom Line: Syncing should be easy and smart.
#6: It doesn’t allow for timely updating
If your automation system can only sync your AD and SIS according to a predetermined schedule, for example, once a day or once a week, it might be sufficient for very small populations but even average size schools will see students waiting for access.
Bottom Line: Your data could be out of date most of the time.
Reality Check: Before the pandemic, about 65% of students had laptops. Now, with that number well over 95%, students do most of their schoolwork on their laptops and many schools are “1:1”. Fast, seamless provisioning is critical to student learning. Without it, students can experience continued learning loss.
#5: It doesn’t protect AD from bad data
Blind automation is as bad as no automation – sometimes worse. For all sorts of reasons, your SIS could send bad or missing data downstream. For example – deleting all students in one school. Your sync should not propagate that.
Bottom Line: Detecting bad data and preventing it from affecting your students is critical.
#4: It doesn’t give you control over system problems
Normally things will just work, but sometimes issues will arise. You should get notified and have the information and control to resolve, without waiting for vendor support.
Bottom Line: Time spent waiting for support tickets equals learning loss.
#3: It can’t perform complex syncs among multiple data sources
While your SIS system may be your primary source of truth, you might have a supplemental information source or certain metadata which doesn’t reside in the SIS. Your sync should be able to combine data from more than one source and handle complex rules. Conversely, it should also allow for seamless provisioning in downstream systems which rely on AD – like Google Classroom and Destiny.
Bottom Line: A poorly built sync could require time-consuming manual intervention.
#2: It doesn’t handle YET
Year-end transitions (YET) in the SIS should be a “non-event” for a well-designed AD sync. Surprisingly, this trips up many systems claiming full automation, sending you back to “manual update land”.
Bottom Line: Effortless YET automation ensures a smoother start to the next school year.
#1: It isn’t secure
An insecure method of syncing SIS to AD is, in many ways, worse than no method. Whether the “sync” you have is the old manual file export/import or if it’s using an automation tool that is vulnerable to attack, you’ll want to address that. The good news is there’s guidance and you have options. Who wants to start their week off with “bad news”?
Bottom Line: Secure your sync or go back to #10!
Sound too familiar?
If any of these scenarios sound familiar, you may want to start investigating the integration tools available in the marketplace to see which one would be best for your school district and your IT team.
ReadWrite Digital’s Integrator provides a fully hosted Active Directory sync from your Student Information System and has been doing so for more than a decade.
- No restrictions
- No installs
- No servers
- No consulting fees
- No unsupported customizations
- No student waiting
No kidding. Check it out.
Read how Lexington City Schools reduced AD Account setup from 1 week to less than 1 hour >
