Solved

Entering user information in Active Directory

Posted on 2007-03-29
Last Modified: 2010-05-18
Hi!
Our company is growing very fast and I'd like to know if there is anyone here who can help me with the following issues:
- I would like users to access AD so they can fill out all information about themselves (in their user account)
- I would like all users to be able to see some of the information stored on the user account, i.e. phone number, location, etc.
- Which utilities can I use and how can I publish this information in a simple web-page
- I guess there are some security issues here so it would be nice if you mention something about that as well

We use Windows 2003 servers.

Thanks!
Question by:Caperuzzo
5 Comments
 

Expert Comment

by:Chris Dent
ID: 18815842

>  I would like users to access AD so they can fill out all information about themselves
> (in their user account)

We used to have GALMod to do this. I don't think that works so well with AD, it was written for Exchange 5.5 but doesn't really cover enough of the fields to be useful with Exchange 200x.

Perhaps consider something like DirectoryUpdate to do the job:

http://www.directory-update.com/

> I would like all users to be able to see some of the information stored on the user
> account i.e. phone number, location, etc

Do you use Exchange? If so, all that will be in the Global Address Book.

> Which utilities can I use and how can I publish this information in a simple web-page

I don't know of any out of the box. You could, of course, write something to do it, and it could be fairly simple. It just depends on what you're looking for.

> I guess there are some security issues here so it would be nice if you mention
> something about that as well

Most of the commercially available applications tend to take these issues into account. If you were doing it yourself it all becomes quite complex with a great deal to try to keep up with.

After all, you don't want to grant your users permission to change the Administrator password.

Chris

Accepted Solution

by:
herbus earned 500 total points
ID: 18815851
G'day Caperuzzo,

Above all, I'd recommend you steer away from the user access to AD... while you could lock them down to a single OU, if they have the ability to manage their account, they'll be able to change any others in the OU (unless you micro-manage security on each account - bad idea).  On top of that, sure enough they will stuff things up, mis-enter information, probably break things and come looking to IT support to fix it... in short, it will generate more hassle than it's worth - IT should manage AD alone.

That said, if I assume you're running Exchange, then the Global Address List or Public Folders can be maintained (the GAL by IT cos it references info from AD, or PubFolders can be managed by users) to show phone number, location, title, etc etc... this may be the best way to go.  An alternative would be to establish an Intranet that has a staff listing, but this would need some dedicated time, know-how and possibly software to get working.

Again, I'd summarise by saying that as nice an idea as it would be to take the pressure off you/IT by having users look after their own info, I couldn't recommend it and you'll likely be asking for more pain than anything...

Cheers,
Herb

Expert Comment

by:Chris Dent
ID: 18815924

Herb makes some really valid points about Security, I just wanted to explain a little more about how such applications work so you can make your choice based on as much information as possible.

Most of the web-based applications for doing this require an account which is a member of the Account Operators group. As you probably know, this account can potentially change a lot of sensitive passwords to elevate its user rights.

However, if you are constructing a web application to do it, you're not reliant on a particular user's privileges, you rely on a service account. You could ensure that you never present an option to change a password, and you could set it so the application was completely unable to touch an Administrator.

Basically security at that point is all down to presenting the absolute minimum number of options to do the job.

Chris
0
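The design described in the comment above, sketched as an added example that is not part of the thread or of any product named in it: a server-side check that a self-service form runs before its service account writes anything to the directory. The attribute policy, the record layout (`groups` as already-resolved group names) and the names `authorize_update` and `Rejected` are assumptions made for illustration.

```python
# Added example: server-side gate for a self-service directory form.
# The attribute policy and the record layout are assumptions for illustration.

# Only these attributes may ever be written; value = maximum length.
EDITABLE = {
    "telephoneNumber": 32,
    "mobile": 32,
    "physicalDeliveryOfficeName": 64,
    "title": 64,
}
_CANONICAL = {name.lower(): name for name in EDITABLE}

# Accounts in these groups are never modified by the application.
PROTECTED_GROUPS = {"administrators", "domain admins", "enterprise admins",
                    "schema admins", "account operators"}


class Rejected(Exception):
    """Raised when a request falls outside what the form is allowed to do."""


def authorize_update(session_user, target, changes):
    """Return the changes safe to write to the directory, or raise Rejected.

    session_user: logon name taken from the authenticated web session.
    target: account record read by the service account, as a dict with
            'sAMAccountName', 'adminCount' and 'groups' (resolved names).
    changes: attribute -> new value, exactly as submitted by the browser.
    """
    if target["sAMAccountName"].lower() != session_user.lower():
        raise Rejected("users may only edit their own account")
    groups = {g.lower() for g in target.get("groups", [])}
    if target.get("adminCount") == 1 or groups & PROTECTED_GROUPS:
        raise Rejected("protected accounts are not editable here")
    if not changes:
        raise Rejected("nothing to change")
    approved = {}
    for attr, value in changes.items():
        name = _CANONICAL.get(attr.lower())
        if name is None:  # unicodePwd, memberOf, userAccountControl, ...
            raise Rejected(f"attribute not allowed: {attr}")
        if not isinstance(value, str) or len(value) > EDITABLE[name]:
            raise Rejected(f"bad value for {name}")
        if any(ord(ch) < 32 for ch in value):
            raise Rejected(f"control character in {name}")
        approved[name] = value.strip()
    return approved
```

Because the check is an allow-list, any attribute nobody thought to forbid is refused by default, and the target is always compared with the session identity rather than taken from the submitted form.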
 

Expert Comment

by:Klaatu01
ID: 18815987
The following product, "rDirectory", is returned on Microsoft's website via Live Search on the keywords "active directory user self-service" and there is an informative Flash Demo available on the program creator's website.  I am detailing the approach used in locating this information only because it is freely available to the general public via Microsoft's website.

I have not personally used this software so perhaps another Experts Exchange contributor has used and can provide additional information covering all the points mentioned above.  It is likely there are additional recommendations, suggestions and solutions available within Experts Exchange through paid options.
 

Expert Comment

by:dbrinkmann
ID: 18826650
Web Active Directory has a product named PeopleUpdate that will allow you to control updates to your directory per attribute.  You can also create views and do reporting with it too.  There is a demo page located: http://livedemo.webactivedirectory.com

http://www.webactivedirectory.com

Question has a verified solution.
