Maintaining User AD Information with Directory Update

Alexander Zammit

Alexander Zammit has been developing server applications for over 15 years. Most of his works involve Exchange integrated applications, including a FAX server, a mail security product and anti-spam products.

  • Published: Jun 12, 2007
  • Category: General

Keeping Active Directory user information up to date can be a time-consuming task. Directory Update enables users to directly maintain their own settings. An alternative relieving us from this burden is certainly worth exploring.

A typical Windows network is a complex environment, with all kinds of machines, applications, and users requiring administrative attention. Maintaining a network can involve tasks ranging from purely technical to secretarial. Keeping user information updated is one task that can cause unnecessary administrative burden. Today we look at Directory Update, a tool from ITCS Hawaii intended to decentralize this task.

Directory Update provides a web interface for users to log on and maintain their own AD settings. Compare this to the administrative model where changes must go through a single person. Here we link the owners of the information to the repository where the information is stored.

Directory Update is licensed per Active Directory domain. For a $299 license we can manage all users within one domain. The price is clearly very accessible and the licensing model is convenient as it does not base itself on the number of users.

Installing Directory Update

Download Directory Update from the ITCS site at:
http://www.directory-update.com/Active_Directory_Update_GALMOD_Downloads.aspx

The latest version at the time of writing was v1.3.1. It requires .NET Framework version 2 and ASP.NET.

Directory Update provides a web interface, so the installer asks for the IIS site and virtual directory. It also installs a Windows service, for which a user account and password must be supplied at install time. This account is important because users edit their AD settings under its security context. In other words, the account must have enough rights to edit AD settings for all users that will be using Directory Update.

The installation concludes by providing a final checklist, highlighting what to do next. Most notable is the need to run an extra batch file FixPerms.bat when installing on a domain controller. Of course from the IIS end, one could also enable SSL and set the type of authentication.

The product installs in 10-day evaluation mode, after which it must be licensed. The evaluation period was a bit shorter than expected compared to the typical 30-day evaluations of many server-side products.

Using Directory Update

Once the installation is completed, Directory Update is ready for users to log in. Of course the initial settings are unlikely to match your organizational needs. However it is good to log in immediately and see what the application is about. If you kept the default IIS site and virtual directory settings, the URL would be:
http://<machine name>/directoryupdate

Users are greeted by the login screen. Following that, the default set of user settings is presented. From here we can change user settings and click update to save changes as illustrated below.

Directory Update Logon

User Settings

Changes Saved

Configuring Directory Update

An application like Directory Update is typically required to be an integral part of the Organizational policy on managing user information.

Properties describing personal information, such as the home address and personal phone numbers, could be good examples of information that individual users are allowed to manage. On the other hand, information such as the Company Name, Department and Manager might not be as appropriate.

The exact set of properties to be exposed by Directory Update will greatly depend on the Organization type. I would expect a flat organization to be the one allowing most control to users. More hierarchical organizations are likely to have more stringent rules.

The set of properties exposed by Directory Update is configurable through appsettings.xml. Being a text file, the XML configuration could be edited in Notepad. However I would recommend the use of a proper XML editor. In this manner you can at least make sure to avoid malformed XML. In all cases this is one file you should certainly keep a good backup of.

Working with the XML file should be fairly intuitive. The file lists all the properties Directory Update supports. For each AD property the file includes an XML element with a number of attributes. These attributes allow us to do things like show/hide AD properties, set properties as read-only and mark properties as required (i.e. value cannot be empty).

For example the default configuration does not show the Employee ID, Employee Number and Employee Type as shown here:

XML Configuration

To show these properties we change the visible attribute value to 'yes'. If the Employee ID cannot be left empty we would change the required attribute value to 'yes'. Likewise if users are not allowed to change their employment type themselves, we would change the Employee Type editable attribute value to 'no'.

Another attribute you will certainly use is the type. This can be set to 'text' or 'dropdown'. The former provides the AD property with an edit box where the user can type in a value. The latter provides a list of pre-configured values for the user to select from. For example an organization typically only has a fixed set of departments, thus a fixed list including each department name would be more appropriate.

In the above XML excerpt Employee Type shows a list of possible values. However these won't become effective unless we change the type attribute to 'dropdown'. Changing the possible list values is as simple as deleting and adding new value sub-elements to the property of interest.

There is more customization we could be doing in terms of controlling end-user access. Apart from that we could also change the general look and feel of the application. Those who understand web applications could change the colours and fonts through the style sheet. We could also change the banner and insert contact information for the helpdesk. Here is a glimpse of the interface as I started to play with these settings.
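Because every edit is written to AD under the service account, the configuration file is the only control over what users can change, so it is worth checking against policy after each edit. The script below is an added example, not code from Directory Update or the original article: only the attribute names (visible, editable, required, type) and the value sub-elements come from the text, while the `property` element, its `name` attribute, the sample file and the admin-only list are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the attribute names (visible, editable, required,
# type) and the <value> sub-elements come from the article; the <property>
# element and its name attribute are assumed for illustration.
SAMPLE = """
<appsettings>
  <property name="homePhone" visible="yes" editable="yes" required="no" type="text"/>
  <property name="department" visible="yes" editable="yes" required="no" type="text"/>
  <property name="manager" visible="yes" editable="no" required="no" type="text"/>
  <property name="employeeID" visible="no" editable="yes" required="yes" type="text"/>
  <property name="employeeType" visible="yes" editable="yes" required="no" type="text">
    <value>Full Time</value>
    <value>Contractor</value>
  </property>
  <property name="company" visible="yes" editable="no" required="no" type="dropdown"/>
</appsettings>
"""

# Assumed policy list, following the article's examples of properties that
# may not be appropriate for users to manage themselves.
ADMIN_ONLY = {"company", "department", "manager", "employeeType"}


def _yes(prop, attr):
    return prop.get(attr, "no").strip().lower() == "yes"


def audit(xml_text, admin_only=ADMIN_ONLY):
    """Return sorted (property, finding) pairs that conflict with policy."""
    findings = []
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.get("name", "")
        kind = prop.get("type", "text").strip().lower()
        values = [v.text for v in prop.findall("value") if v.text]
        if _yes(prop, "visible") and _yes(prop, "editable") and name in admin_only:
            findings.append((name, "user-editable but reserved for administrators"))
        if values and kind != "dropdown":
            findings.append((name, "value list ignored until type is 'dropdown'"))
        if kind == "dropdown" and not values:
            findings.append((name, "dropdown has no values listed"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

With multiple instances for different user groups, the same check can be run against each instance's configuration with its own admin-only list.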

Customizing the Looks

Final Tips

This was an overall review of Directory Update. There is more functionality we did not really look at, such as the regular expression support for value validation and the AD Lookup interface that allows you to quickly select the Manager, Secretary and Assistant.

Another interesting aspect is the possibility to install multiple instances of Directory Update for different user groups. This is quite important as in practice not all users are equal :)). For each instance you would have a separate XML configuration, giving you more flexibility.

The application could improve a bit, starting with a configuration interface that minimizes the need to edit XML manually. However once the initial deployment and customization are completed there is a good chance very few configuration changes would be necessary. Adding the price to the equation, Directory Update certainly provides excellent value, relieving administration from the maintenance of information that too often ends up outdated.

Copyright © 2005 - 2018 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation