Solved

Allowing user to update their personal details in AD

Posted on 2013-12-16
4
523 Views
Last Modified: 2013-12-18
Hi
On Windows 2003 AD servers, was looking out for a utility that allows users to update certain personal fields in the absence of a central HR Application integration.

Am aware that certain identity and Access management (IAM) solutions have this capability but would like to use something more economical for the time being. If it can be developed on Sharepoint and all users gets a portal based form where he /  she has the ability to change allowed fields that eventually shows up on Outlook contacts, that would be apt.

The attached screenshot is of a user contact as it appears within Outlook 2010 and would like them to have ability to update their information as related in boxes 1 & 2 including their small picture and finally stored and synced within AD.

Also, would be great if someone can point me to any off the shelf product available?
AD-details.jpg
0
Comment
Question by:fahim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 14

Assisted Solution

by:Ram Balachandran
Ram Balachandran earned 100 total points
ID: 39723260
You can use the AD delegation, see the below links. You can delegate the permissions as per your requirement.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

Else, You can follow the below steps.
Open ADUC [ Dsa.msc]
Create a OU and move all the users to that OU on whom you want to delegate access.
Right click on OU and click on Properties
Go to security Tab(If security tab is missing then cancel it and click on view/Advanced view and again try)
Click on advanced cutton in security properties
Click on add button
Add the users who should have acess to change the attributes. [ here Domain Users/ or a group]
Click on the Properties Tab and you will find all the attributes there.
Give read attribute and write attribute for the attribute you want to delegate
Click apply OK.
 IF you dont know the attributes for the particular user property please check the below lnk
http://www.kouti.com/tables/userattributes.htm
0
 

Author Comment

by:fahim
ID: 39723291
Ram: if we have about 10,000 users within our AD at varying levels of IT expertise, I would want to have a very friendly UI for this functionality.

Something where a user will only have access to change/amend certain stuff like:

1. Office Location
2. Work Phone
3. Department
4. Picture
5. other existing user attributes allowed for modification.

Asking them to open ADUC doesn't seem like the best and user friendly option.

Any other suggestion?
0
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 300 total points
ID: 39723390
Hi,
there are a couple of SharePoint third-party applications/web parts available, like
ADSelfService Plus
HarePoint Active Directory Self Service
Profile Manager

but also some free ones like
http://nominesptools.codeplex.com/

Do you already have/use SharePoint?
Which version and edition?

HTH
Rainer
0
 
LVL 3

Assisted Solution

by:Detlef001
Detlef001 earned 100 total points
ID: 39723764
If anyone is still looking to do this, then the system is already in place under Windows 7 (maybe XP but not tested it)

Open Explorer/My Computer
Select Network
A new button appears called 'Search Active Directory'
Click this button and search for your user name.
Once found, right click your name, select properties.
Change the contact number and click the OK's
AD is updated. Admins can change anyones details, normal users can only change their own.
Hope that helps.

Edit :- And no you don't need to change any permissions. They are already set as default.

Moreover you can achieve this by an application also. Freeware but up to some limitation on the numbers of users.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question