Active Directory Update - Allow users to update their own Active Directory information
Home | Installing | Customizing | Evaluating | Downloads Purchasing | FAQ / Support | Tech Notes | About

 

Directory Update has a new home page.  Please follow this link. You will be redirected in 5 seconds automatically.  

 

The Challenge: Updating Active Directory User Information

In medium and large businesses, users rely on their Exchange/Outlook Global Address List (GAL) to provide them with information (telephone number, address, department, etc…) about other users within their organization. This information is maintained for each user in the Active Directory. If that information is not maintained and kept up-to-date then users are frustrated and less productive.

In the past, the only way a user could update their existing information was to call the help desk or an account administrator and have the information updated. An alternative to this was to use a utility such as Microsoft’s GALMOD utility from the Microsoft BackOffice Resource Kit or the Exchange Resource Kit. However, this utility had to be installed on each user’s desktop. The alternative was for the user to request the updates be made to the user account administrator thus placing an additional burden on the IT Department.

Otherwise a third-party utility must be purchased. The current third-party utilities on the market are full-blown user provisioning systems that are very expensive and have far more features than are required for the simple attribute updates.

Introducing Directory Update

The Directory Update service is a .NET web application written in C# that provides an authenticated user the ability to update some of their Active Directory attributes. Features of Directory Update include:
  • Improved directory accuracy: City, State, Department, Company, Office, and Country attributes must be selected from a customizable validated drop-down list
  • Administrator can restrict which attributes can be updated
  • Customizable help string and help page
  • Customizable page and window titles
  • Customizable attribute labels

The user can only update their attributes; the administrator can specify validated information for some attributes and prevent users from changing others.

Click to enlarge

Limitations

The Directory Update application currently has the following limitations and restrictions:

  • The application can update user information only in a single Active Directory domain
  • A user can only update their own attributes; they cannot update attributes for other users.
  • Telephone number fields have a maximum field length of 20 characters. The only permissible characters in the telephone number fields are numbers, parenthesis, the “x” character in front of an extension, and the dash.
  • For attributes that use drop-down list of validated data (such as the list of valid states), if the current value in Active Directory does not exist in the validated list, the Directory Update application will clear that value from Active Directory.
  • Application uses a static domain controller name; it does not auto-discover all available domain controllers in a domain
  • Logging in via a UPN name is not supported

Pricing

The Directory Update application is priced on a per domain basis. The cost is US$250.00 per domain. Reseller and volume pricing is available. An activation key is required to use the product for longer than 5 days. To get an activation key, you must provide the company/organization name to which you want to register the product. This name is displayed on the bottom of the user logon screen.

For more information and pricing, contact MattSuriya @ somorita.com

Evaluation

There is a testing and evaluation version available that is fully functional for 5 days from the date of installation. If you wish to configure the evaluation version and purchase it later, make sure you save your APPSETTING.XML file before removing or re-installing the product. All customization is done through the APPSETTING.XML file.

Click here to download the evaluation version. During installation, when prompted for the customer information check the "Evaluation Version" checkbox. This version can also be used as the fully installable version provided you have a license key.

Requirements

Prior to installing the Directory Update application, the directory administrator must designate a computer on which this web application will be installed. This server can be a domain controller or a member server. The following are the requirements:

  • Windows 2003 Server or higher
  • IIS World Wide Web Service must be installed
  • The .NET Framework v1.1 or higher must be installed
  • Server must be a member of the Active Directory
  • A service account must be created
  • --- The service account password should have a strong password
  • --- The service account password must not expire
  • --- The account must be a member of a group such as Account Operators, the domain’s Administrators group, or other group that has permissions to update user accounts in the Active Directory. Note that the installation program currently checks for Domain Admins membership.
  • The administrator installing the Directory Update application must be a member of the local Administrators group on the computer it is being installed
  • SSL is recommended but not required. If you do not use SSL, then this application should only be visible from within your own Internet since user information will passed over your network in clear-text.

While this is not required, we recommend that the Directory Update application be on its own web server. While it should interoperate fine with other web-based applications, all of our testing has been on an IIS server running on a domain controller or a member server and using the Default Web Site.

Documentation

More detailed documentation and information on customizing the interface to suit your organization's needs, see the Directory Update documentation.

Support and More Information

Support is available via e-mail; expect next business day response for most questions. Contact mattsuriya @ somorita.com for more information or technical support. Note that most common installation issues and questions can be found in the documentation.


The Alternatives

The reason that we developed this application was that there was no web-based application that only allows users to modify their Active Directory properties/attributes. Some of the options and alternatives for modifying user attributes include:

  • The simplest (and cheapest) way to do this is to use the old BackOffice Resource Kit client-side application GALMOD. GALMOD must be installed on all clients that require it, it does not allow access to all of the common attributes, and is not customizable.
  • Microsoft released a Global Address List Modify Web tool (See KB 242223), but it is not very customizable and does not allow users to update all of the common properties (such as State, Title, Company, Office, etc...).
  • Imanami's WebDir application allows web-based administration of Active Directory users and groups as well as providing a web interface for users to modify their own attributes. WebDir is a powerful application suite, but expensive and overkill for the basic functions we require in the Directory Update application.
  • Namescape's rDirectory application is much more extensive application providing features such as searches and addition of other attributes; it is much more complex than what is required for Directory Update installations.
  • WebActiveDirectory is similar to Imanami and Namescape rDirectory in that it has many features such as unlocking accounts, resetting passwords, and user account administration.