Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
   

Updating the GAL
Page 1 | Page 2

Directory Update

A simple web-based utility from ITCS Hawaii called Directory Update (http://www.directory-update.com) solves these problems and more by providing users a simple and painless way to update their information. The interface (shown in Figure 3) allows the administrator to hide fields that should not be viewed or make fields non-edible if the user should need to view them but not update those fields.? When a user accesses the Directory Update website they are required to logon and can only update their account.? Currently the tool only allows ?Self Service? of a users account, a future version may allow an admin to update any


Figure 3: Directory Update user information page

 

Probably one of the most important features of the Directory Update application is its ability to ensure the data that is entered in to critical fields such as City, State, Department, or Office is the drop-down lists. Any field on the user information form can be set to a drop-down list or a text box. Drop-down list boxes allow the administrator to specify only the selections that the user should. This should come as good news for Exchange administrators that use these fields to help create Dynamic Distribution Groups or Exchange Address Lists.

 

Directory Update is easy to install and has no difficult requirements; I had it running in under five minutes.? Prior to installation, you should ensure that the web server on which you want to include Directory Update meets the following requirements:

  •  Windows 2003 or Windows 2003 R2

  • Internet Information Server installed

  • ASP.NET installed

  • Microsoft .NET Framework v1.1 installed

  • The server must be a member of the Active Directory or it can be installed on a domain controller

 

A service account must be created since the Directory Update application must have permission to update all user objects. While you might be tempted to make this service account a member of Administrators, Domain Admins, or Enterprise Admins, it really only needs Account Operators membership.? Due to Active Directory security restrictions users who are only a member of Account Operators are unable to update other Account Operators, Administrators, Domain Administrators and members of the other built in special ?admin? groups.? Since the service account for Directory Update is a member of Account Operators this limitation also applies to any user who tries to use Directory Update to update members of these admin groups.? Currently, if a user is member of one of these admin groups they will be unable to update their account using Directory Update, it will return an access denied message.? This is a security feature of Windows which prevents Account Operators and other non-admins from managing Account Operator or Administrative accounts.? Since there should only be a small number of these type accounts and they already have the access they need in ADU&C this should be a non-issue.

Note: ? When evaluating Directory Update make sure the account you logon as isn?t a member of one of these groups, otherwise you will get the access denied message.

 

For anyone that has ever edited an HTML or XML page file, customizing Directory Update for your needs is quite simple. All customization including hiding fields, making them non-editable, changing field labels, entering drop-down list data or changing help information is done via an XML file. ?A sample of this is shown in Figure 4.


Figure 4: Editing the Directory Update configuration file

 

While it would be nice if the configuration data could be edited in a nice simple graphical user interface, as long as you make sure you close every opened XML tag and keep a backup copy of the file, customizing Directory Update takes only a few minutes.

 

Conclusion

Keeping the information stored in the GAL update to date is an on going task.? By using Directory Update, you can delegate this task to the user?s themselves, allowing self-servicing of their own data.? This will free up helpdesk and administrative resources while at the same time preventing inconsistent data in the AD for common fields like City, Title, Department, and Office.? The low cost of Directory Update, $250/domain, makes justifying this tool very easy.? In addition, an evaluation version of the tool can be downloaded that works for 10 days.? For more information goto http://www.directory-update.com, don?t forget to read the FAQ on their website.

 

This article was written Jason Sherry; technical review was provided by Jim McBee, who was the designer Directory Update.

Updating the GAL
Page 1 | Page 2

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008