Active Directory Update - Allow users to update their own Active Directory information
Home | Installing | Customizing | Evaluating | Downloads Purchasing | FAQ / Support | Tech Notes | About
 

Frequently Asked Questions

  1. Why Directory Update?  Because GALMOD sucks and manually changing 1,000 user's telephone numbers is not fun.  :-)
  2. Who is ITCS Hawaii?  ITCS Hawaii is a small Exchange and Active Directory consulting company. See the About page.
  3. Can you replace the drop-down list fields with text boxes?  Not in the current version.  The drop-down lists exist to ensure users enter only specific data in to those attributes; many organizations use these for Exchange Address List creation and they must be accurate.
  4. I want custom feature X - Will you include that for me?  Custom changes and extensions are available for customers at the rate of $75.00 per hour.  Most simple changes requires one to two hours.  No work is performed without a mutually agreed upon estimate and work to be performed.  Please contact us.
  5. What are the limitations of Directory Update? See the Limitations section on this page.
  6. What are the requirements for Directory Update? See the Requirements section on this page
  7. Can you include "validation" code for X field?  Validation code for most fields can be created at the custom rate of $75.00 per hour.
  8. Will I get free updates?  Yes, for one year from date of purchase.  We are flexible, though. If we release a new release 14 months after the date of purchase, we will be inclined to give it to you.
  9. Can I use the software without customizing it?  No.  The Directory Update application is designed to be customized for each organization's needs.  The APPSETTING.XML file will need to be updated and customized for your organization.
  10. Will Directory Update run on an Exchange Server?  Yes, it has been tested with Exchange 2003 and does not seem to interfere with Exchange.
  11. Will Directory Update run on a SharePoint Server?  This is not recommended, but we have tested it and it works.  See Tech Notes.  Remember that the ASP.NET component of the Application Server is required.
  12. Will Directory Update run on a Windows 2000 server? No. It requires features of IIS 6.0 (such as ASP.NET) and thus will not work.
  13. Does the service account have to be a member of Administrators or Domain Admins?  Not necessarily. An Account Operator can do most everything the service account requires (except update members of Administrative or Operator groups)
  14. Should I use SSL for my web site that hosts Directory Update?  Yes, we recommend using SSL. The credentials are passed over the network in "clear text".
  15. Can Directory Update be used against other LDAP directories?  No.
  16. Why are you using a logon form instead of allowing for Integrated Windows Authentication?   Original design called for the software to work with other web browsers, though it still works best with Internet Explorer.

Getting Support

Most common questions and issues are answered here on the web site or in the documentation.  "Next business day" e-mail support is available for customers, though we usually try to return e-mails the same day.  Contact mattsuriya @ somorita.com for support.

Revision History

Here is the revision history for the software. The latest version can always be downloaded from the Evaluation page.

  • v1.0.0 - June 24, 2006 - First commercial release.
  • v1.0.1 - August 4, 2006 - Update to fix evaluation version when U.K. and European time formats are used on host system.  Change telephone number maximum field length from 20 characters to 30 characters.  Increased evaluation period from 5 days to 10 days.  Change text on "Reset" button on main form to "Cancel".
  • v1.0.2 - August 7, 2006 - Changed the way expired evaluation code works so that resources are not initialized.

Common Problems

  • Cannot update some users.  If the service account you are using is a member of Account Operators instead of Domain Admins, it will NOT be able to update other Operator or Admin level accounts.

Limitations

The Directory Update application currently has the following limitations and restrictions:

  • The application can update user information only in a single Active Directory domain
  • A user can only update their own attributes; they cannot update attributes for other users.
  • Telephone number fields have a maximum field length of 20 characters. The phone number format is not validated
  • For attributes that use drop-down list of validated data (such as the list of valid states), if the current value in Active Directory does not exist in the validated list, the Directory Update application will clear that value from Active Directory.
  • Application uses a static domain controller name; it does not auto-discover all available domain controllers in a domain
  • Logging in via a UPN name is not supported

Requirements

Prior to installing the Directory Update application, the directory administrator must designate a computer on which this web application will be installed. This server can be a domain controller or a member server. The following are the requirements:

  • Windows 2003 Server SP1 or Windows 2003 R2
  • IIS World Wide Web Service must be installed
  • The .NET Framework v1.1 
  • Server must be a member of the Active Directory
  • A service account must be created
  • --- The service account password should have a strong password
  • --- The service account password must not expire
  • --- The account must be a member of a group such as Account Operators, the domain’s Administrators group, or other group that has permissions to update user accounts in the Active Directory. Note that the installation program currently checks for Domain Admins membership.
  • The administrator installing the Directory Update application must be a member of the local Administrators group on the computer it is being installed
  • SSL is recommended but not required. If you do not use SSL, then this application should only be visible from within your own Internet since user information will passed over your network in clear-text.

While this is not required, we recommend that the Directory Update application be on its own web server. While it should interoperate fine with other web-based applications, all of our testing has been on an IIS server running on a domain controller or a member server and using the Default Web Site.

Documentation

More detailed documentation and information on customizing the interface to suit your organization's needs, see the Directory Update documentation.