Watching a New User ticket queue from an outside perspective.
Posted by TuxAndrew@reddit | sysadmin | 49 comments
So I've been monitoring tickets with a new user we have, and it has been a while since I've been baffled by someone's level of competence. We have a pretty standard automated on-boarding process that requires no IT intervention, and almost all of the documentation on the account creation process is sent beforehand by HR. General best practice would be that everyone creates their account at least 24 hours before their start date so everything can populate on the back end, but obviously not everyone wants to do things outside of their work hours and before their start date. To each their own; just accept the consequences of a slow two days getting caught up.
The new user has been requesting white glove treatment for the most basic instructions: creating an account, signing an electronic phone agreement, setting up MFA, the whole nine yards, etc. So, fast forward: they started on a Monday and didn't create their account that day. They then pestered HR about not having their account, only to have HR walk them through the account creation process on Tuesday. Shortly after their account was created, they've been hounding the hotline about not being able to log in to Outlook and other various O365 applications, and that a phone number hasn't been assigned to them even though they still haven't signed the electronic agreement. They indicate that they created the account on Monday and it has been well over 24 hours since their account was created. (Logs clearly indicate otherwise.)
At what point do you step in and explain the incompetence to their manager? This position would fall directly underneath a c-suite so it does require some tiptoeing around, but allowing this behavior to exist is extremely bad for morale.
Forsaken-Discount154@reddit
Create their own account? This should all be automated and ready by Day 1. Ideally, it's synced with the HR platform or at least there's a process where HR can trigger account creation. In our setup, the user logs into their device for the first time, but everything else is handled by Intune with zero-touch provisioning. The full setup takes about 45 minutes, and they're good to go.
TuxAndrew@reddit (OP)
So, you want to know what step the end user didn’t follow in the checklist. Installing MFA and associating it with their account. Would your workflow have prevented user error?
Forsaken-Discount154@reddit
ya, Bruh, that is done before the user starts, as the user's phone number is added to AD as part of the user provisioning step and Duo sends the user instructions via text message when the account syncs on how to get MFA set up ... BUT there is no way in 2025 to automate any of this..
TuxAndrew@reddit (OP)
I never said it couldn’t be automated. If the user ignores the instructions sent via text message, how would your workflow have solved that problem? You can’t automate an AD system where users are given the freedom to choose their username.
Forsaken-Discount154@reddit
Why would the user be given the freedom to choose their usernames? Does the organization not have a standard naming policy? Blows my mind..
TuxAndrew@reddit (OP)
Blows your mind that a public university doesn’t want to choose names for students?
Forsaken-Discount154@reddit
Yes, when I went to college, they gave me my username based on a naming standard so that no two account names would be the same.
TuxAndrew@reddit (OP)
That's not why they gave you the username; you can easily prevent two accounts from being the same name while giving them autonomy. I have no clue why autonomy was given; that was before my time.
Forsaken-Discount154@reddit
As someone who manages identity for my company, this baffles me.. I can see so many avenues for problems, from logins to email address problems. Display names, sure, but account names? person@place.com? or company\person..
TuxAndrew@reddit (OP)
You should have seen it after we consolidated domain names into one. The process actually didn’t go that bad, but we had bursar@city.edu etc. I’m not sure what their solution was when they got rid of the city.edu and pushed them to use the same names. Project was well outside of my scope.
Forsaken-Discount154@reddit
The email part is actually pretty easy. We did this a few years ago when we merged a couple of child companies into our parent company. You just update the company name in Active Directory, let it sync to your email provider, and set the old email as an alias. The user logs in with the new @company.com address, but they'll still receive emails sent to both addresses.
bv915@reddit
It depends on the person's behavior. For folks who are kind, but persistent, I explain the broad-level workings.
For folks who want to get snarky, hostile, or CC the c-suite, I go nuclear --
dak_gg@reddit
same general mood over here, I use the same rubric for gauging my replies and I also just spew the receipts the minute they escalate beyond what's reasonable
BoltActionRifleman@reddit
I follow the same flow. If someone is going to try to hide their stupidity behind anger, I will expose them to the powers that be.
NH_shitbags@reddit
You probably don't need to do anything, except enjoy the show. The incompetence will take care of showing itself.
mtgguy999@reddit
“The incompetence will take care of showing itself.”
Yeah he’ll get promoted soon enough
Happy_Kale888@reddit
Get some popcorn...
TuxAndrew@reddit (OP)
My only recommendation to the tech was to document and keep forwarding the problems to their supervisor.
Zazzog@reddit
u/NH_shitbags is right, and your recommendation to your tech is a good one.
This problem will take care of itself, as long as this new problem user isn't someone in the C-suite's nephew/niece.
Sab159@reddit
User creating their own account - what? Is that common in the US? Where I'm from HR will create it in their own software and that'll be synchronized to AD, usually.
TuxAndrew@reddit (OP)
Is that not common? We're a major university, the only information HR provides to the end user is their employee ID. They're able to generate their account from an automated process with their EID, birth date and last name.
SinTheRellah@reddit
Never heard of it before. Why wouldn’t you just auto generate accounts for them?
SpecialSheepherder@reddit
Like 25 years ago, when I was at university, they required me to request my own email account (after you got your ID) since not everyone at the time was actually using email... maybe some past edu best practice that endured throughout history until now?
SinTheRellah@reddit
Could be yeah. I just don't understand why. And I also don't understand why OP considers it "pretty standard" :/
fp4@reddit
Is everyone who gets an EID expected to set up an account?
If not then your system makes sense why it's designed that way.
If it does then it seems odd for your system to fire off the processes to create accounts for them when the info is added to whatever HR database and EID is generated.
TuxAndrew@reddit (OP)
Yes, everyone is expected to set up their own account, whether it's a group, service, admin, staff, faculty, student, etc. The account isn't created until they've completed the process; we allow them to choose their username. Alternatively we could go to a passwordless solution down the road, but our budget is set by the state, being a public university. They already have issues getting funding for enough Yubikeys for people that refuse to use their personal phones. I doubt they're going to get enough funding to provide them for everyone including the students.
fp4@reddit
That makes more sense why then it is much more common to just automatically generate the username based on an algorithm or leave it up to HR/hiring manager to decide.
Sab159@reddit
Maybe an industry thing. I've mostly worked with retail companies.
waxwayne@reddit
Fortune 50, I’ve never heard of users making their own accounts. We are tied to the HR system. In fact within 30 minutes of being fired everything shuts down automatically.
Quill-@reddit
Make sure the documentation given to the new employee explicitly mentions that the new account being usable might take up to 48h from the moment they create it. And by explicit I mean clearly saying "might not work properly" and not "we recommend the account to be created 24h in advance". Sort of explaining the implicit "why?" in why it's best practice.
Sure many people will not pay attention to it but hey at least you can then point to the documentation to say that they've been informed in advance.
chillyhellion@reddit
Would it be possible to optimize your process? I've found that asking the user or manager to initiate account creation is a dead end, particularly if it requires pre-employment action items.
It sounds like you're aware of this, but your process isn't.
Ideally I would think all account creation should be initiated by HR as part of their onboarding process. If you can get your hooks into that as an ignition point for your own automation, you may be able to improve consistency and provide a better experience for new hires.
Really everything technological should be in place before the user's first day, and HR should be guiding them through agreements and paperwork (like the electronic devices agreement you mentioned), ready to hand over the keys as soon as everything is signed.
TuxAndrew@reddit (OP)
We have 52k staff, faculty and students. I've never experienced this in twelve years, the HR checklist explains the entire process in detail.
waxwayne@reddit
Doing something consistently bad on a large scale is still bad.
TuxAndrew@reddit (OP)
If it works 99% of the time maybe the other people are doing it wrong?
SinTheRellah@reddit
You don’t need to know a user's password just because your system creates it.
kamomil@reddit
I have never created my own account at any workplace. When I got a new laptop, the IT dept. had to do something to make the 2FA work correctly.
I think that you are asking too much of your users, and it caught up to you only now.
InlineUser@reddit
I’m not sure how people like this get and keep these jobs. There really is no basic tech literacy review or common sense evaluation in interviews I suppose.
I wonder if their incompetence is so astounding that employers worry that terminating them could lead to them being sued for some sort of undisclosed disability discrimination. And if they are disabled, okay, accommodations can and should be made.
Disabilities aside, it’s always people who cannot (or refuse to learn to) do the work that bark the loudest and blame others. I’ve seen it countless times with ineffectual management and problem employees. Taking no responsibility, accountability, blaming any and all they can. Literally gaslighting people into believing insane impossible things because deep down they know they shouldn’t be here, they’ll be found out, they’ll be let go. I truly believe this behavior comes from deep insecurity and refusal to learn or help themselves.
Maybe advise your supervisor just to protect yourself from being wrongfully blamed. Take extra meticulous notes regarding their tickets. Have a trail that shows you provided everything and they dropped the ball when they say “I was never onboarded, I was made to sit here while IT forgot me”.
kamomil@reddit
Probably a friend of some higher-up.
i-took-my-meds@reddit
The most egregious among them actually take pride in their ineptitude because it lets them work slower and creates busywork they can use to justify their mediocre productivity. Never hire somebody with a victim complex else you'll be working two jobs.
waxwayne@reddit
Account creation process? I’ve been doing this for 25 years and I’ve never had a user create their own account. Even back when it was Novell I created the account. Now everything is tied to the HR system and account creation is automatic. Am I just old school?
moderatenerd@reddit
How old are they? Sounds like gen-z incompetence
chillyhellion@reddit
Definitely make an effort to pull yourself out of your bias spiral.
It sounds like you may be at that stage where you view any unattributed incompetence as affirmation of your bias, which locks you into rigid thinking.
TuxAndrew@reddit (OP)
Definitely older, they've had a PhD for 19 years.
BloodFeastMan@reddit
How long in the private sector? I've known a few people who were basically career students living on corporate grants, and were used to being worshipped. Big culture shock getting a real job.
ThatLocalPondGuy@reddit
Reply directly to the user's claim, in the ticket, of when they created the account with a screenshot showing timestamp of the action from the logs. Then give them a bullet point list of steps to take, explaining expected wait times. If they need assistance with any step, ask. Then, just reply with documents, asking the same each time and providing the help with a smile on your face, documenting time spent.
Send the ticket number to your manager and ask them to review, stating your concerns this person may be a risk due to documented and repeated failure to read instructions.
Rinse and repeat. You remain the good guy in everyone's eyes, AND you help keep the company safe from these absolute imbeciles. Their refusal to do anything not shown to them first showed an inability to use critical thought, and they will be the one to get successfully phished. It is a legitimate risk on any serious business risk register.
i-took-my-meds@reddit
Your post started with a typo that you were, "impressed by their level of competence," and I was actually a little excited to read a success story for once. Guess not 😂
pdp10@reddit
It might be wise to treat this as an opportunity to study your existing automation and look for places it should be made more user-friendly. Perhaps better feedback, for example. Signing the electronic AUP is obviously the blocker to you, but perhaps it isn't so obvious to others without a dependency chart.
progenyofeniac@reddit
That’s the kind of thing I’d mention in passing to a manager or higher, but I wouldn’t go out of my way to tell them about it.
If they ask, by golly I’ll share the logs though.
Moontoya@reddit
Document it, ensure your management chain is seeing what you are.
Forewarned is forearmed; it's a lot easier to squash politicians when you've an airtight case.