Solved

Allowing user to update their personal details in AD

Posted on 2013-12-16
4
517 Views
Last Modified: 2013-12-18
Hi
On Windows 2003 AD servers, was looking out for a utility that allows users to update certain personal fields in the absence of a central HR Application integration.

Am aware that certain identity and Access management (IAM) solutions have this capability but would like to use something more economical for the time being. If it can be developed on Sharepoint and all users gets a portal based form where he /  she has the ability to change allowed fields that eventually shows up on Outlook contacts, that would be apt.

The attached screenshot is of a user contact as it appears within Outlook 2010 and would like them to have ability to update their information as related in boxes 1 & 2 including their small picture and finally stored and synced within AD.

Also, would be great if someone can point me to any off the shelf product available?
AD-details.jpg
0
Comment
Question by:fahim
4 Comments
 
LVL 14

Assisted Solution

by:Ram Balachandran
Ram Balachandran earned 100 total points
ID: 39723260
You can use the AD delegation, see the below links. You can delegate the permissions as per your requirement.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

Else, You can follow the below steps.
Open ADUC [ Dsa.msc]
Create a OU and move all the users to that OU on whom you want to delegate access.
Right click on OU and click on Properties
Go to security Tab(If security tab is missing then cancel it and click on view/Advanced view and again try)
Click on advanced cutton in security properties
Click on add button
Add the users who should have acess to change the attributes. [ here Domain Users/ or a group]
Click on the Properties Tab and you will find all the attributes there.
Give read attribute and write attribute for the attribute you want to delegate
Click apply OK.
 IF you dont know the attributes for the particular user property please check the below lnk
http://www.kouti.com/tables/userattributes.htm
0
 

Author Comment

by:fahim
ID: 39723291
Ram: if we have about 10,000 users within our AD at varying levels of IT expertise, I would want to have a very friendly UI for this functionality.

Something where a user will only have access to change/amend certain stuff like:

1. Office Location
2. Work Phone
3. Department
4. Picture
5. other existing user attributes allowed for modification.

Asking them to open ADUC doesn't seem like the best and user friendly option.

Any other suggestion?
0
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 300 total points
ID: 39723390
Hi,
there are a couple of SharePoint third-party applications/web parts available, like
ADSelfService Plus
HarePoint Active Directory Self Service
Profile Manager

but also some free ones like
http://nominesptools.codeplex.com/

Do you already have/use SharePoint?
Which version and edition?

HTH
Rainer
0
 
LVL 3

Assisted Solution

by:Detlef001
Detlef001 earned 100 total points
ID: 39723764
If anyone is still looking to do this, then the system is already in place under Windows 7 (maybe XP but not tested it)

Open Explorer/My Computer
Select Network
A new button appears called 'Search Active Directory'
Click this button and search for your user name.
Once found, right click your name, select properties.
Change the contact number and click the OK's
AD is updated. Admins can change anyones details, normal users can only change their own.
Hope that helps.

Edit :- And no you don't need to change any permissions. They are already set as default.

Moreover you can achieve this by an application also. Freeware but up to some limitation on the numbers of users.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question