About Ithicos Solutions

About Directory Update

Necessity is the mother of invention. This application started out as a consulting project that Jim McBee and ITCS Hawaii was doing for a large customer. The customer has a global web/LDAP directory used by approximately 120,000 people. The global directory was built by synchronizing from approximately one dozen separate Active Directory forests using Microsoft Identity Integration Server (MIIS).

The problem is that the telephone number, address, job title, and office information in these separate Active Directory forests was not accurate. The customer did not want to install the client version of GALMOD on all the desktops nor was the web-based version of GALMOD flexible enough for their needs. Having each user e-mail or call the help desk to have their information updated (sometimes a user requires updates once or twice a year) would overwhelm the help desk.

The third party products that offered the ability to do this were too expensive and had far too many features for the simple application that was required. A custom application was designed for this organization's needs.

A few other customer's inquired about using this application themselves. From these requests, the Directory Update application was born. Drop-down lists for creating validated fields were included and the ability to customize the attribute labels was included.

Who Is ITCS Hawaii

ITCS Hawaii is a small consulting company based in Honolulu, Hawaii and a Registered Microsoft Partner. The company was founded in 1993 by Exchange MVP and MCT Jim McBee to provide training and consulting services. The company focuses on design and implementation of Exchange Server and Active Directory solutions as well as evangelizing Microsoft solutions all over the world. We design applications but usually do not write them ourselves, but have the customer work directly with developers or other contractors. Though the company is based in Honolulu, Hawaii, we have customers in all corners of the globe.

Wish List

We are looking towards the next release of Directory Update and the features that will be included. Some of the thoughts and ideas we are currently looking at incorporating includes:

  • Convert evaluation version to registered version without re-installation - Current version includes "Configuration" utility that lets you update registration and domain controller information
  • Change domain controller and service account - Current version includes "Configuration" utility that lets you update registration and domain controller information
  • Ability to hide / reveal attributes rather than just de-activating the field - In Version 1.1
  • Ability to set whether a field uses drop-down list or allows the user to enter text directly - In Version 1.1
  • Change evaluation period from 5 days to 10 days - In Version 1.1
  • Updating code to use .NET 2.0 Framework - In Version 1.2
  • Adding Employee ID and Employee Type - In Version 1.2
  • Adding the Custom Attributes 1 - 10 (aka extension attributes) - In Version 1.2
  • Including the Manager attribute (and a browse button for browsing the domain for the manager's name) - In Version 1.2
  • A Change Password function - Planned for v2.0
  • Telephone number format validation via regular expressions (REGEX) in the XML file - In Version 1.4
  • JPEG / Photo support - Planned for v2.0
  • Multi-domain support in single installation - In Version 1.4
  • Specify Active Directory attribute names in APPSETTINGS.XML file - Planned for v2.0
  • Allow user to view additional account information (account expiration date, password expiration date, last password set date, etc...) -Planned for v2.0
  • E-mail notification of changes
  • Group management
  • APPSETTINGS.XML file GUI manager rather than manually editing
  • Integrated Windows authentication instead of Forms Based Authentication

The Alternatives

The reason that we developed this application was that there was no web-based application that only allows users to modify their Active Directory properties/attributes. Some of the options and alternatives for modifying user attributes include:

  • The simplest (and cheapest) way to do this is to use the old BackOffice Resource Kit client-side application GALMOD. GALMOD must be installed on all clients that require it, it does not allow access to all of the common attributes, and is not customizable.
  • Microsoft released a Global Address List Modify Web tool (See KB 242223), but it is not very customizable and does not allow users to update all of the common properties (such as State, Title, Company, Office, etc...).
  • Imanami's WebDir and The DotNet Factory's EmpowerID applications allows web-based administration of Active Directory users and groups as well as providing a web interface for users to modify their own attributes. EmpowerID and WebDir are a powerful application suite, but expensive and overkill for the basic functions we require in the Directory Update application.
  • WebActiveDirectory is similar to Imanami, Nakisa, and The DotNet Factory, in that it has many features such as unlocking accounts, resetting passwords, and user account administration.
  • Directory Wizards Profiler application has lots of features including multiple LDAP directories and photo support, but it is expensive and may provide you more features that you really need for the tasks you need your users to perform.

Links

- Jim McBee's Mostly Exchange blog
- Exchange Team - You Had Me At EHLO blog
- Paul Robichaux's blog
- Bharat Suneja's blog
- Microsoft's PowerShell Team blog
- MSExchange.org
- Daniel Petri's MCSE World

Recommended Reading

We would be remiss if we did not include some recommended reading.