Solved

Allowing user to update their personal details in AD

Posted on 2013-12-16
4
514 Views
Last Modified: 2013-12-18
Hi
On Windows 2003 AD servers, was looking out for a utility that allows users to update certain personal fields in the absence of a central HR Application integration.

Am aware that certain identity and Access management (IAM) solutions have this capability but would like to use something more economical for the time being. If it can be developed on Sharepoint and all users gets a portal based form where he /  she has the ability to change allowed fields that eventually shows up on Outlook contacts, that would be apt.

The attached screenshot is of a user contact as it appears within Outlook 2010 and would like them to have ability to update their information as related in boxes 1 & 2 including their small picture and finally stored and synced within AD.

Also, would be great if someone can point me to any off the shelf product available?
AD-details.jpg
0
Comment
Question by:fahim
4 Comments
 
LVL 14

Assisted Solution

by:Ram Balachandran
Ram Balachandran earned 100 total points
ID: 39723260
You can use the AD delegation, see the below links. You can delegate the permissions as per your requirement.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

Else, You can follow the below steps.
Open ADUC [ Dsa.msc]
Create a OU and move all the users to that OU on whom you want to delegate access.
Right click on OU and click on Properties
Go to security Tab(If security tab is missing then cancel it and click on view/Advanced view and again try)
Click on advanced cutton in security properties
Click on add button
Add the users who should have acess to change the attributes. [ here Domain Users/ or a group]
Click on the Properties Tab and you will find all the attributes there.
Give read attribute and write attribute for the attribute you want to delegate
Click apply OK.
 IF you dont know the attributes for the particular user property please check the below lnk
http://www.kouti.com/tables/userattributes.htm
0
 

Author Comment

by:fahim
ID: 39723291
Ram: if we have about 10,000 users within our AD at varying levels of IT expertise, I would want to have a very friendly UI for this functionality.

Something where a user will only have access to change/amend certain stuff like:

1. Office Location
2. Work Phone
3. Department
4. Picture
5. other existing user attributes allowed for modification.

Asking them to open ADUC doesn't seem like the best and user friendly option.

Any other suggestion?
0
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 300 total points
ID: 39723390
Hi,
there are a couple of SharePoint third-party applications/web parts available, like
ADSelfService Plus
HarePoint Active Directory Self Service
Profile Manager

but also some free ones like
http://nominesptools.codeplex.com/

Do you already have/use SharePoint?
Which version and edition?

HTH
Rainer
0
 
LVL 3

Assisted Solution

by:Detlef001
Detlef001 earned 100 total points
ID: 39723764
If anyone is still looking to do this, then the system is already in place under Windows 7 (maybe XP but not tested it)

Open Explorer/My Computer
Select Network
A new button appears called 'Search Active Directory'
Click this button and search for your user name.
Once found, right click your name, select properties.
Change the contact number and click the OK's
AD is updated. Admins can change anyones details, normal users can only change their own.
Hope that helps.

Edit :- And no you don't need to change any permissions. They are already set as default.

Moreover you can achieve this by an application also. Freeware but up to some limitation on the numbers of users.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now