While one can argue that emergency call trees are likely to be useless in a large-scale disaster impacting telephone and wireless networks, or that they become unwieldy when organizations become larger, almost every business continuity plan has one. Perhaps they will be replaced with emergency notification systems over time, but their usefulness will not diminish soon. How can you easily build, and more importantly, maintain such a structure? Why, by pulling the data from Active Directory using a bit of Perl code and the LDAP protocol, of course!

To generate a graph from the data, we will use GraphViz to create a PNG from the output. Since we’ll do this from a Linux or UNIX-based system, check your package manager to determine whether this is already installed or needs to be installed. In fact, to avoid shipping the resulting graphs, it is easiest if you run the script from your intranet web server. Assuming you have GraphViz already installed, let’s proceed!

Overview of Setup

  1. Download the calltree script and place in an appropriate location, e.g. /usr/local/bin.
  2. Ensure the proper ownership and permissions, e.g. make root the owner and set the permissions for owner read+write+execute, group read+execute, and other none.
  3. Next, download the calltree configuration file and place in a secure location, e.g. /usr/local/etc.
  4. Again, ensure proper ownership and permissions. In this case, provide no access to others, since this file may contain Active Directory credentials for LDAP queries.
  5. Modify the script and set the correct location for the configuration file. You should not need to make any other modifications to the script. The line to be modified looks like this:
     my $cfg = new Config::IniFiles( -file => "/usr/local/etc/calltree.ini",
  6. Modify the configuration file to customize for your environment (see below).
  7. Test the script from the command line.
  8. If everything looks fine, add a crontab entry for root (or other user following appropriate testing), and your call trees will be auto-generated.
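
The ownership and permission steps above can be scripted and re-checked before every run. This is an added example, not part of the calltree download; the installed file names, mode 600 for the configuration file, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: not part of the calltree download. Directories follow the
# examples in steps 1 and 3; the file names and mode 600 are assumptions
# that satisfy "no access to others" in step 4.

# Return 0 only if the "other" permission triplet on $1 is empty.
no_access_for_others() {
    [ -e "$1" ] || return 2
    other=$(ls -ld -- "$1" | cut -c8-10)   # "---" in -rwxr-x---
    [ "$other" = "---" ]
}

# Steps 1-4: copy both files into place with explicit modes, then verify.
# Run as root so that root ends up as the owner (step 2).
install_calltree() {
    src_script=$1; src_cfg=$2; bin_dir=$3; etc_dir=$4
    # owner rwx, group r-x, other none
    install -m 750 "$src_script" "$bin_dir/calltree" || return 1
    # owner rw only: the file may hold the LDAP bind password
    install -m 600 "$src_cfg" "$etc_dir/calltree.ini" || return 1
    no_access_for_others "$bin_dir/calltree" &&
        no_access_for_others "$etc_dir/calltree.ini"
}

# Step 8: wrapper for cron that refuses to run if the credentials file
# has become accessible to other users since installation.
run_calltree() {
    script=$1; cfg=$2
    if ! no_access_for_others "$cfg"; then
        echo "calltree: $cfg is accessible to others, not running" >&2
        return 1
    fi
    "$script"
}

# Typical use, as root:
#   install_calltree ./calltree ./calltree.ini /usr/local/bin /usr/local/etc
```

Pointing the crontab entry at a wrapper that calls run_calltree means a later chmod mistake on the configuration file stops the job instead of leaving the bind password readable.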

Configuration File Customization

The configuration file contains all the settings for proper operation. Follow the instructions in the comments to modify to suit your environment. You will need to modify the following items:

  • DCs
    This designates your Active Directory domain controllers.
  • baseDN
    If all of your users are under one organizational unit, you can specify this, otherwise just point this to your domain.
  • dnExclude
    If you have certain accounts that you want to eliminate from the tree, e.g. generic accounts or accounts not associated with a single person, then these are listed here. You can also list OUs, or any part of the distinguished name (DN).
  • user
    This is the user for binding to your ADS. The user is specified as a DN.
  • passwd
    The password for the above user.
  • outDotBase
    This is the path and first part of the filename that will be used for the dot files — these are input to the GraphViz dot command.
  • outPngBase
    This is the path and first part of the filename for the actual graphs. These are PNG image files.
  • dotExec
    The full path for the dot executable (part of the GraphViz package).

The other parameters may not be necessary to change, but you should look them over.

How does it work?

Whoa! How does this work? And what’s generated?

Every user account in Active Directory has several fields associated with it that can be used to generate a hierarchy. We are taking advantage of two in particular:

  1. Manager
  2. Mobile telephone

A manager’s profile shows direct reports, i.e. those who have this person listed as their manager. Assuming that these fields in Active Directory accurately reflect your organization, this script will generate the proper graphs.

What happens if mobile numbers are not listed?

When someone does not have a mobile telephone number listed in Active Directory, the script will substitute UNKNOWN, and the node on the graph will be drawn differently. Normal nodes are drawn as ovals without fill, but those without mobile numbers will be drawn as rectangles with a light blue fill so that they stand out on the graph.

What if someone does not have a manager listed?

Those without a manager will show up on the top-level of the graph; whether they should or not is up to you. If this is normal, then perhaps you need some other mechanism to reflect how your call tree should be constructed, but it may involve manual effort to set up and maintain — exactly what we’re trying to avoid here.
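
The node and edge rules described in the last three sections, as an added example that is not the calltree script itself. Constructed pipe-delimited records stand in for the LDAP results, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: not the calltree script. Constructed records stand in for
# LDAP results, one person per line as  name|mobile|manager
# (in Active Directory the manager attribute holds a DN, not a name).

sample_records() {
    cat <<'EOF'
Pat President|555-0100|
Chris CFO|555-0101|Pat President
Harper HR||Pat President
Alex Accountant|555-0103|Chris CFO
EOF
}

# Drop characters that would end a quoted DOT string early, so a
# directory value cannot alter the graph syntax.
dot_safe() {
    printf '%s' "$1" | tr -d '"\\'
}

# Read records on stdin, write a DOT graph on stdout.
calltree_dot() {
    echo 'digraph calltree {'
    while IFS='|' read -r name mobile manager; do
        [ -n "$name" ] || continue
        name=$(dot_safe "$name")
        mobile=$(dot_safe "$mobile")
        manager=$(dot_safe "$manager")
        if [ -z "$mobile" ]; then
            # No mobile number: UNKNOWN, light blue rectangle.
            printf '  "%s" [label="%s\\nUNKNOWN", shape=box, style=filled, fillcolor=lightblue];\n' \
                "$name" "$name"
        else
            # The GraphViz default node shape is an unfilled oval.
            printf '  "%s" [label="%s\\n%s"];\n' "$name" "$name" "$mobile"
        fi
        # No manager: no incoming edge, so the node sits at the top.
        if [ -n "$manager" ]; then
            printf '  "%s" -> "%s";\n' "$manager" "$name"
        fi
    done
    echo '}'
}

# Names lacking a mobile number, for follow-up with the directory owners.
missing_mobile() {
    while IFS='|' read -r name mobile manager; do
        if [ -n "$name" ] && [ -z "$mobile" ]; then printf '%s\n' "$name"; fi
    done
}
```

Running `sample_records | calltree_dot | dot -Tpng -o calltree.png` renders the graph.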

What graphs are created?

Several graphs are generated, not all of which may be useful to you:

  1. A master call tree graph listing all employees.
  2. A top-level call tree graph listing those without a manager, e.g. president, and direct reports.
  3. A subtree graph for each person reporting to someone without a manager.

A sample master call tree of a very small and top-heavy company might look like this:

Notice how the mobile number of the HR director is missing? The visual cue is in place to help you know what information you need to make sure your call tree is complete.

How are these graphs to be used?

That’s mostly up to you, but one thing is clear: you have to copy them offsite occasionally, or in some situations you will not have access to them when you need them! However, these graphs are in a lightweight and easy-to-consume format. Put them on portable media for your managers to use, and of course, conduct exercises to prove that your call tree actually works!

Enjoy — and let me know if you find this useful!!!
