Solved

Allowing user to update their personal details in AD

Posted on 2013-12-16
4
515 Views
Last Modified: 2013-12-18
Hi
On Windows 2003 AD servers, was looking out for a utility that allows users to update certain personal fields in the absence of a central HR Application integration.

Am aware that certain identity and Access management (IAM) solutions have this capability but would like to use something more economical for the time being. If it can be developed on Sharepoint and all users gets a portal based form where he /  she has the ability to change allowed fields that eventually shows up on Outlook contacts, that would be apt.

The attached screenshot is of a user contact as it appears within Outlook 2010 and would like them to have ability to update their information as related in boxes 1 & 2 including their small picture and finally stored and synced within AD.

Also, would be great if someone can point me to any off the shelf product available?
AD-details.jpg
0
Comment
Question by:fahim
4 Comments
 
LVL 14

Assisted Solution

by:Ram Balachandran
Ram Balachandran earned 100 total points
ID: 39723260
You can use the AD delegation, see the below links. You can delegate the permissions as per your requirement.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

Else, You can follow the below steps.
Open ADUC [ Dsa.msc]
Create a OU and move all the users to that OU on whom you want to delegate access.
Right click on OU and click on Properties
Go to security Tab(If security tab is missing then cancel it and click on view/Advanced view and again try)
Click on advanced cutton in security properties
Click on add button
Add the users who should have acess to change the attributes. [ here Domain Users/ or a group]
Click on the Properties Tab and you will find all the attributes there.
Give read attribute and write attribute for the attribute you want to delegate
Click apply OK.
 IF you dont know the attributes for the particular user property please check the below lnk
http://www.kouti.com/tables/userattributes.htm
0
 

Author Comment

by:fahim
ID: 39723291
Ram: if we have about 10,000 users within our AD at varying levels of IT expertise, I would want to have a very friendly UI for this functionality.

Something where a user will only have access to change/amend certain stuff like:

1. Office Location
2. Work Phone
3. Department
4. Picture
5. other existing user attributes allowed for modification.

Asking them to open ADUC doesn't seem like the best and user friendly option.

Any other suggestion?
0
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 300 total points
ID: 39723390
Hi,
there are a couple of SharePoint third-party applications/web parts available, like
ADSelfService Plus
HarePoint Active Directory Self Service
Profile Manager

but also some free ones like
http://nominesptools.codeplex.com/

Do you already have/use SharePoint?
Which version and edition?

HTH
Rainer
0
 
LVL 3

Assisted Solution

by:Detlef001
Detlef001 earned 100 total points
ID: 39723764
If anyone is still looking to do this, then the system is already in place under Windows 7 (maybe XP but not tested it)

Open Explorer/My Computer
Select Network
A new button appears called 'Search Active Directory'
Click this button and search for your user name.
Once found, right click your name, select properties.
Change the contact number and click the OK's
AD is updated. Admins can change anyones details, normal users can only change their own.
Hope that helps.

Edit :- And no you don't need to change any permissions. They are already set as default.

Moreover you can achieve this by an application also. Freeware but up to some limitation on the numbers of users.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We had a requirement to extract data from a SharePoint 2010 Customer List into a CSV file and then place the CSV file into a directory on the network so that the file could be consumed by an AS400 system. I will share in Part 1 how to Extract the Da…
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question