Directory Update

Flexible, easy-to-use, web-based, self-service tools for Active Directory


Directory Update is a web-based application that you host on your own internal Internet Information Server (IIS). Directory Update allows your end users to update their own information via a flexible self-service web page. The administrator controls which attributes the user is allowed to view and update as well as the drop-down lists and validation rules. Advantages of Directory Update include:

  • Enabling the Active Directory to be an up-to-date and usable organization resource

  • Improved accuracy of the data in the Active Directory through the use of drop-down lists, required fields, default values, and “address sets” features

  • Localizable interface can be customized for any language (US English is the only language provided.)

  • For Office 365 customers, Directory Update is nicely integrated with your directory and allows changes (including photos) in your directory to be replicated to Office 365 via Directory Sync.

  • Reduce trouble-tickets and load on the help desk by freeing up personnel from simple tasks such as changing a user’s phone number or address

  • Validate and enforce phone number formats - Valid phone numbers can be used by dialer programs such as the Microsoft Lync client or Skype of up if you publish the Active Directory using an application like our Directory Search tool.

  • Ability to update almost any string-based Active Directory attribute

  • Forms based or Integrated Windows Authentication (single sign-on)

  • An administrator can have Directory Update installed and fully functional in under an hour.

  • Directory Update is economically priced and licensed once per Active Directory domain

  • Directory Update - Resource Domain module (additional charge) allows organizations with account/resource domains to use Directory Update to update their Global Address List.

There are flexible and versatile applications that perform many of the same tasks as Directory Update, but cost 10 times what Directory Update costs; there are also similar applications that offer fewer features, less flexibility, higher deployment costs.

The product is customized through the use of options available in XML files. The administrator adds/enables the fields that he/she wants made available to the user's of Directory Update.


Directory Update was originally designed to be a web-based version of Microsoft’s GALMod utility. Every feature since the very first version has been features that have been requested by our customers. We like to think that the product is completely customer driven.

Directory Update features include:

  • All Active Directory text and telephone number fields supported; the administrator defines which fields are visible and editable.

  • Interface can be localized to any language.

  • Field types can allow either free-form text, dropdown lists, or combination boxes.

  • Regular expression validation of data available such as telephone number fields

  • Address Sets feature allows multiple fields to be populated (such as street, city, state, country) when another field is selected (such as Office)

  • Sub Sets feature allows a value selected for one field (such as Company) to set a specific list of values for a child field (such as Department)

  • Logging of changes to text files and last date/time of changes to Active Directory

  • Email notification of changes (to the user, the user’s manager, and/or a predefined e-mail address)

  • Forms-based authentication or Integrated Windows Authentication

  • Multiple domains within the same forest can be supported on the same installation

  • Manager, Secretary, and Assistant fields available. These special lookup fields map to specific objects (users or contacts) in the Active Directory.

  • Required fields and default values for fields

  • Customizable help strings, help page, page title, window titles, attribute labels, and button titles

  • Customizable field notes and examples

  • User can change their own password (if the Password Management tab is enabled)

Some of the elements of the Directory Update interface include drop-down lists, text boxes, labels, help text, examples, read only fields (non-editable), photo support, and an optional Password Management tab.


We urge all potential customers to download Directory Update, install it in your environment, and customize it for your use. You will see how easy it is to get Directory Update up and running.

You can download a fully functional from the Software Downloads section of our Web site; the evaluation will be fully functional for 21 days with no limitations. We will not ask you for your e-mail address, telephone number, or first born; all you have to do is download the software. And, if you run in to problems and have a question, we will give you the same great support we give our customers.

If you choose to buy the product, you can keep your customized configuration. Using the Configuration wizard edit the Directory Update installation to add your license key and organization name.

Online Demo

Note quite ready to download the evaluation and install it yourself? Not a problem! You can still see Directory Update in action on our "live" demo page. This is a test Active Directory with a test set of data. The Directory Update installation is pretty much a default install with a few features enabled to give you a feel for how the software works. The photo upload feature is disabled, by the way.

Directory Update online demo


The server on which Directory Update is installed must be a member of the same forest in which it will be used. Directory Update cannot be used against accounts in trusted domains that are located in another Active Directory forest.

Active Directory Requirements

Directory Update uses LDAPv3 and works against all versions of Active Directory including Windows 2008, Windows Server 2012, and Windows Server 2016. We do recommend regular patching including applying all recommended and critical Microsoft updates.

Exchange Server Requirements

Directory Update does not require any version of Microsoft Exchange Server. We can use some attributes that are provided by the Exchange Server “schema” prep forest. To use attributes such as the extension attributes (aka custom attributes) we suggest you “prep” you forest with a minimum of Exchange Server 2003, but this is not necessary.

Server Operating System

Our software only installs on x64 editions of Microsoft Windows Server.

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

Either the Standard Edition, Enterprise Edition or Datacenter are supported. Both physical server an virtual server is supported. For Windows Server 2008 R2, Server 2012, or Server 2016, you must install the full installation. Server Core installations are not supported.

Internet Information Server

  • Internet Information Service (IIS) 7.5, 8, 8.5, 9, or 10
  • ASP.NET must be enabled
  • .NET Framework v4.0 must be installed/enabled
  • Integrated Windows Authentication must be allowed on the root Web site

Quick Installation of Prerequisites

You can quickly install all of the roles and features necessary using the PowerShell's Server Manager module. This allows you to specify all the roles and features required.

Windows Server 2008 R2

1.  Open a PowerShell command prompt as an administrator 
2.  Type Import-Module ServerManager and press Enter
3.  Type Add-WindowsFeature Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-ASP-NET, Web-Net-Ext, AS-Web-Support and press Enter
4.  Reboot if prompted.
Windows Server 2012 / Windows Server 2012 R2

1.  Open a PowerShell command prompt as an administrator  
2.  Type Import-Module ServerManager and press Enter
3.  Type Add-WindowsFeature Web-Server, Web-Basic-Auth, Web-Windows-Auth, NET-FRAMEWORK-45-Core, NET-FRAMEWORK-45-ASPNET, Web-HTTP-Logging, Web-NET-Ext45, Web-ASP-Net45 and press Enter
4.  Reboot if prompted.
Windows Server 2016
1.  Open a PowerShell command prompt as an administrator 
2.  Type Import-Module ServerManager and press Enter
3.  Type Add-WindowsFeature Web-Server, Web-Mgmt-Console, Web-Scripting-Tools, Web-Basic-Auth, Web-Windows-Auth, NET-FRAMEWORK-45-Core, NET-FRAMEWORK-45-ASPNET, Web-HTTP-Logging, Web-NET-Ext45, Web-ASP-Net45 and press Enter
4.  Reboot if prompted.

Microsoft / Windows Updates

Once the prerequisites are installed, we strongly recommend that you perform a Microsoft Update and install all recommended and critical updates. This includes any updates to Microsoft's .NET Framework.

Interoperability with Other Web Applications

Directory Update usually works fine with most web applications running on the same IIS server provided the server remains in a minimum of IIS 6 mode. We recommend against running Directory Update on the same server with Microsoft SharePoint.

Service / Proxy Account

All updates to the Active Directory are performed under the security context of a proxy account (sometimes called a service account.) While the proxy account can be restricted to a very minimum set of permissions, we recommend that the proxy account be a member of either the Account Operators or domain’s Administrators group. Here are some properties of the proxy account that you should take note of:

  • Name the account something recognizable such as SVC_DirectoryUpdate
  • Proxy account password should have a strong password (15 characters)
  • Proxy account’s password must not expire

Application Pool

An application pool is a memory space in which a web application executes. Web applications are assigned to the DefaultAppPool by default and that is usually works. For recent versions of Directory Update, our installer creates a dedicated .NET 4.0 application pool. However for earlier versions you may need to do this manually. See this TechNote creating an application pool for older Ithicos applications. See TechNote for more information.

  • Name the application pool something like IthicosAppPool
  • Application pool identity must run as the NetworkService user
  • 32-bit mode must be disabled

Installer’s Account

The person that installs Directory Update should use a user account that is both a domain account and a member of the server’s local Administrators group.

Secure Sockets Layer (SSL)

SSL is a security layer that protects HTTP data as it is transmitted across your network or the Internet. We strongly recommend that any web site that transmits personal data use SSL. Directory Update will work on a web site that uses SSL or not.

SSL uses a certificate that is “signed” by a certificate authority. We recommend that the certificate be issued by a certificate authority (CA) that is trusted by the browser clients that your users will be using. This prevents security warnings; users should never get used to ignoring security warnings.

Enabling SSL is a feature of Internet Information Server. The exact process will depend on the operating system.

Follow these links:

Browser Requirements

Directory Update uses ASP.NET and AJAX controls to create some enhanced functionality within the browser; some call this Web 2.0 technology. This means that it is not as simple as a standard web page and thus browsers must be carefully tested.

Our current releases support the following browser versions:

  • Internet Explorer 8.x - 11.x - IE compatibility mode must be off
  • Microsoft Edge
  • Firefox 16.x and later
  • Google Chrome v11.x and later

We only update current versions of our software when a new browser is released. This does not mean that older versions of our software or other browsers (Safari or Chrome) will not work, but we may not support them if you have problems. We recommend customers stay on software maintenance so that they can upgrade to newer builds of the software as they become available.

Note also that Internet Explorer is required to use Integrated Windows Authentication (IWA) unless you have a 3rd party browser that supports IWA.


Directory Update is simple to install as long as the prerequisites all installed. Download the latest version from our Web site and unzip the DirectoryUpdate.msi file. Place the MSI file on the server’s local hard drive, such as in the c:\temp folder.

You can usually just double-click on the MSI file to launch the installer, but if the User Account Control (UAC) security settings are set to not allow unsigned executables to run you have to launch the installer from the command line (don’t forget to “Run As Administrator”) like so:

msiexec.exe /i c:\temp\DirectoryUpdate.msi
  1. On the installation wizard welcome screen, Click Next

  2. On the License Agreement screen, click “I Accept The Terms In the License Agreement” and then click Next

  3. On the Select Installation Address, you will likely use the defaults. From this screen, you can select a different web site or virtual directory name. When you have made your selection, click Next.

    Directory Update Installation Address

  4. On the Destination Folder screen, click Next if you want the default path or specify a new path for the software.

  5. On the Active Directory information screen, enter the host name of the domain controller, then DNS domain name of your Active Directory domain, the service/proxy account (in domain\username format), and the proxy account password. A common configuration problem is entering the FQDN name of the domain controller in the Domain Controller text box; this text box is for the host (short) name of the domain controller. Click Next.

    Directory Update - Specifying domain and service account information

  6. On the Licensing Information Screen, copy and paste the organization name and license key that you were provided after you purchased the software. If you select the Evaluation checkbox, the software is fully functional in Evaluation mode for 10 days and you can run the configuration wizard later to provide the licensing information. Click Next when finished.

    Directory Update - Adding the license key

  7. On the Ready To Install Directory Update screen, click Install

  8. On the Completion screen, click Finish

  9. Immediately test the installation by using a Web browser to visit http://localhost/DirectoryUpdate (the default URL if you are checking from the console of the server) or http://yourservername.yourcorp.local/DirectoryUpdate (if you are checking from elsewhere on your network.

You can now proceed to customizing the application.

Installation Checklist

  1. Test the default installation (with no customizations)

  2. Edit the DirectorySettings.XML file to configure the fields that you want to use (visibility, required, dropdown versus text, validation formats, etc…)

  3. Edit the AppSettings.XML file to customize the help text

  4. Enable file logging and/or auditing in the AppSettings.XML file

  5. Set file system permissions for photos and log files (if necessary)

File System Permissions

Our installer should configure the necessary folder permissions for log file writes and temporary photo writes. If you wish to use Directory Update to upload photos to the Active Directory, give the NETWORK SERVICE user all permissions but Full Control to the .\Photos folder. This means you must give NETWORK SERVICE the following permissions to that folder: Modify, Read & Execute, List Folder Contents, Read, and Write. The Photos folder is found (by default) at c:\inetpub\wwwroot\directoryupdate\photos.

Directory Update - Folder Permissions for Photos and Logs

If you wish to allow Directory Update to record a text (CSV) file log of all changes made using Directory Update, you must give the NETWORK SERVICE the following permissions to the .\Logs folder: Modify, Read & Execute, List Folder Contents, Read, and Write. The .\Logs folder is found (by default) at c:\inetpub\wwwroot\directoryupdate\Logs.


Directory Update is customized almost entirely by editing option files. Most of these files take the format of an XML file. Prior to starting the customization work, we have a few recommendations:

  • Remember, XML is much pickier than HTML. Tags names and options are often case sensitive and all open tags must have a close tag

  • Get a good text editor – Notepad++ is both very good and free

  • Always make backup copies of files before editing them

The configuration files are as follows:

  • DirectorySettings.xml – This is the primary configuration file; this is the file you will edit most often. It controls the fields that are visible/hidden, field labels, dropdown list options, field types, validation formats, required fields, default values, and more. When you edit this file, you may find many attributes that you did not realize exist in the Active Directory. There are many attributes that Microsoft does not use.

  • AppSettings.xml – This file controls options such as help text, logging, e-mail notification, error message text customization, button labels, enabling the Password Management tab, and filtering options for lookup boxes like the Manager box.

  • AddressSettings.xml – This file controls the Address Sets feature. The Address Sets feature allows the end user to pick a field (such as Office) and automatically have other fields filled in automatically (such as street address, city, state, country, etc..) Once you create a list of offices, for example, and enable Address Sets, the office list no longer needs to be maintained in the DirectorySettings.XML file.

  • SubSettings.xml – This file allows you to define a parent-child relationship between 2 attributes. For example, you can define a relationship between a division and a department. If the user selects the “Information Technology” division, then they would only see a list of departments within that division.

  • PasswordSettings.xml – This file is used to define password policies if you enable the Password Management tab.

  • Style.css – This is the cascading style sheet. This can be used to change fonts and screen colors. Changes to this file can negatively affect the interface so only experienced web site developers should edit this file.

  • Web.Config – This file is the web application file. Typically, the only useful thing you can do in this file is to enable Integrated Windows Authentication.

The primary changes that most customers want to make are handled via the DirectorySettings.XML file. This file allows you to:

  • Change the field’s screen label
  • Set the field type
  • Add values for fields that use dropdown lists.
  • Hide / show a field
  • Make a field editable/read only
  • Set a default value for a text field
  • Make a field required
  • Define a validation format
  • Set a field to be double-wide
  • Set a field to be multi-line
  • Provide some example text below the field

Here is a typical “tag” from the DirectorySettings.xml file. The tag consists of the field name as well as options for that field that enable or disable particular features. This tag is for the company field:

<field id="company" label="Company" attribute="company" visible="true" editable="true" type="dropdown" maxLength="64">
  <value>Company 1</value>
  <value>Company 2</value>
  <value>Company 3</value>
  <value>Company 4</value>

This "tag" produces a field on the Directory Update whose label is "Company", the type is a drop-down list, and there are 4 options in the drop-down list.

Directory Update - Sample field

Note with drop-down lists, if there is an existing value in the Active Directory and it is NOT one of the values in the dropdown list, then it will not be displayed in the dropdown list.


The label=“Company” option displays the text “Company” next to the field.

Field Type

The type=“dropdown” option allows you to define the field type. Valid field types are:

  • dropdown
  • text
  • combo
  • maskedText

The text box allows the user to enter data in free-form text with no validation or control. The combo box has a drop-down list but the end user can enter free-form text also.

The other option (maskedText) is best used with phone number fields and allows you to define input guidance or field formatting. For example, you could use a maskedText option if you wanted a user to enter a phone number in a specific US format, such as this:

Directory Update - Masked text field

Below is an example of using the maskedText option for the office phone number field:

<field id="officePhone" label="Office Phone" attribute="telephoneNumber" visible="true" editable="true" type="maskedText" 
  mask="(###) ###-####" maxLength="64" validationFormat="" />

Visible or Hidden Fields

A field can either be hidden or visible on the interface. Visible=“true” displays the field while visible=“false” hides the field.

Editable or Read Only Fields

A field can be either editable or read only. In some situations you may want the user to see the current value in Active Directory but not edit that value. Editable=“true” allows the field to be edited by the user while editable=“false” sets the field to read only.

Required Fields

You can set a field to be required by adding the required=“true” option to the field’s tag. Here is an example making the title required:

<field id="title" label="Title" attribute="title" visible="true" editable="true" type="dropdown" maxLength="64" required="true" />

Validation Format

Directory Update allows you to define a rule set for field content using regular expressions (REGEXs). There are two parts to this process. You must first define the validation format (including the format name, example text, and the regular expression that will be used. This is done in the validations section of the DirectorySettings.xml file. Below is an example of a RegEx that requires that a user enter a phone number in either of these two formats: (808) 555-4321 or (808) 555-4000 x4322:

<validation format="US-Phone" formatExample="Example: (808) 123-4567 or 808-123-4567 x4321" 
  regularExpression="((\(\d{3}\) ?)|(\d{3}-))\d{3}-\d{4}(( x)\d{1,5}| )?"/>

Once you have created a validation format, such as the one above called US-Phone, you then need to add the validationFormat=“US-Phone” option to the appropriate field. Below is an example of using that for the office phone number field.

<field id="officePhone" label="Office Phone" attribute="telephoneNumber" visible="true" editable="true" type="text" maxLength="64" 
  validationFormat="US-Phone" />

Please note that our support personnel cannot assist you in creating custom regular expressions. We recommend you visit a site like htp://


Photo support has become one of our most popular features; this is because Microsoft is now displaying photos in Outlook 2010 and Lync clients if the photo is stored in the thumbnailPhoto attribute. Directory Update can upload the photo to either the thumbnailPhoto or jpegPhoto attributes in Active Directory. Below is the recommended photo tag using the thumbnailPhoto attribute and a size of 128x128:

<photo label="Photo" attribute="thumbnailPhoto" visible="true" editable="true" width="128" height="128" quality="80" 
  defaultValue="Images/noPhoto.jpg" />

When the photo tag's editable="true" option is set, the photo option appears in the General section of the user interface. When a user uploads a photo, the photo file is temporarily stored in the c:\inetpub\wwwroot\directoryupdate\photos folder until the user saves their information. At that time, the photo is then stored in the Active Directory. Here is a fun tip, upload your photo, but don't save your information. Look in that folder on the IIS server to see how big the photo will be in the Active Directory.

Directory Update - Luke Husky Photo

By default, the photos are stored in an attribute (thumbnailPhoto) as part of the user’s object in Active Directory. Regardless of the original photo file size, Directory Update “re-renders” the photo to the size specified in the DirectorySettings.xml file. Typical file sizes are between 5KB and 10KB.

Since we store the photo (by default) as a square image, we recommend the original source image also be square. Otherwise, the photo will look squashed or stretched.

Double Wide Fields

In some cases your data may not display properly when the field is half-width. If you want a field to be wider, add the doubleWide=“true” option to the field’s tag:

<field id="company" label="Company" attribute="company" visible="true" editable="true" type="dropdown" maxLength="64" doubleWide="true" />

Note in the screen shot below that the Company field is a double-wide field while the Office field is a single-width (default) field.

Directory Update - Double wide field

Default Value

You can also specify a default value if the field type is a text box. This feature is only valuable if there is no data in the field to begin with.

<field id="title" label="Title" attribute="title" visible="true" editable="true" type="text" maxLength="64" defaultValue="Accountant" />

Multi-line Fields

For most Active Directory data types, the multi-line option is not very valuable, but for attributes like streetAddress or notes, it can be useful. Note that multi-line does not change how Active Directory stores the data, only how Directory Update displays it. Here is an example setting multiLine=“true” for the streetAddress field:

<field id="streetAddress" label="Street Address" attribute="streetAddress" visible="true" editable="true" type="text" maxLength="1024" 
  multiLine="true" />

Directory Update - Multiline field

Help Notes and Example Text

Directory Update is designed to help you provide as much help as necessary to the end user. This is in the form of a couple of different types of help fields. First, each "section" of the user interface, such as the General, Organization, Address, etc... Within each section, there is a note area at the bottom of the section. Below shows the Telephones section, the note tag is at the bottom of the image:

Directory Update - Telephone section and Notes field

This corresponds to the following section in the DirectorySettings.XML file. If you do not need the note, then save your self some screen space by setting the visible="false" option. Otherwise, you can customize the text to suit your organization's needs and best help your end users.

Directory Update - DirectorySettings.XML file Telephone Section

Each attribute can also have individual example text. This was originally intended for phone number fields, but you can add the example option to any tag.

Directory Update - Field example text

The following is an example of adding the example option to the officePhone tag.

<field id="officePhone" label="Office Phone" attribute="telephoneNumber" visible="true" editable="true" type="text" maxLength="64" 
  validationFormat="" example="Include your area code, such as: (212) 555-1234" />

Manager, Assistant, and Secretary Attributes

The Manager, Assistant, and Secretary attributes are special data fields that store object names. For example, in order to select a Manager, the manager must have a user name or contact name in the Active Directory already. These fields are not free-form text fields, but rather lookup fields for users and/or contacts. Active Directory Users and Computers only exposes the Manager attribute fog editing, but the Active Directory schema does provide for the Secretary and Assistant fields.

Directory Update allows for one or more of these fields to be enabled. We provide a lookup box where the Directory Update can type in the first few characters of the person's display name.

Directory Update - Searching for a Manager

There is little-to-no configuration necessary to use these fields other than to enable them to be editable via the DirectorySettings.XML file.

<field id="manager" label="Manager" attribute="manager" visible="true" editable="true" type="lookup" />

There is one notable exception, though. If you have more than one domain in your forest, by default the lookup fields only query a single domain. Therefore you must enable global catalog lookups so that you can see the users from the other domains in your forest. This is done in the AppSettings.XML file. The useGlobalCatalog option within the lookupFields tag must be set to "true".

<lookupFields useGlobalCatalog="true" showOnlyExchangeEnabledUsers="false" showContacts="true" showDisabledUsers="false" maxResults="20" />

Enabling Windows Login (Single Sign-on)

By default, Directory Update uses a customizable logon form. However, a much more convenient way to use Directory Update is to enable Integrated Windows Authentication (sometimes called single sign-on.)

Edit the Web.Config file and locate the <authentication mode=“Forms”> tag. You can find the Web.Config file in the root of the installatoin folder, by default that is in c:\inetpub\wwwroot\directoryupdate. Replace mode=“Forms” with mode=“Windows”. That will enable Integrated Windows Authentication.

Directory Update - Enabling Integrated Windows Authentication

For more information, read our TechNote Enabling Integrated Windows Authentication.

Version History and Product Updates

Directory Update has been in continual development since 2006. We release a new version about once every six to nine months. The features and functionality in those new releases reflect customer requests, bug fixes, updates to support new browsers/operating systems, and more.

Note that most new versions of Directory Update require a new license key. Please contact support(at) if you wish to determine if your eligible for a free update.

Existing customers: You cannot just install the new version over the top of the old version. See Upgrading TechNotes

Directory Update v3.0

  • Windows Server 2016 compatibility

  • Fields (attributes) can now be moved around on the interface by cutting and pasting the appropriate line in the DirectorySettings.XML file.

  • Improved photo upload feature; more intuitive and fewer clicks to upload a photo.

  • New boolean attribute type; set field type to "checkbox".

  • Limited abilities to specify authorized users based on the organizational unit (OU) in which the user account is contained.

  • Updated screen and sizing controls; now using Bootstrap style sheets for better screen resizing.

  • Directory Password v3.0 compatibility.

  • Attributes' LDAP attribute names and maximum field lengths are now defined in the XML file.

  • Directory Update is now the master location for the PasswordSettings.XML file if you use Directory Password or Directory Manager.

  • Miscellaneous bug fixes and improved error detection.

Directory Update v2.7

  • Added compatibility with Directory Password v2.0

  • Optimized the user interface to allow photos larger than 128x128. We have tested photos up to 648x648.

Directory Update v2.6

  • Updated installer so that it better recognizes Windows server editions with European language sets.

  • Added photo to email notification feature.

  • Fixed issue with conflicting compression modules that sometimes caused interface features to stop working. Updated image compression module to use a newer library that allows variable control of the compression factor. The photo quality option allows the administrator to designate an image compression factor. The value can be between 0 and 100. A value of 0 is a very low image quality and very small file size (often 1K to 2K.) A value of 100 is a high quality image (less compression) and a larger file (14K to 18K for a 128x128 image.)

  • Allowed option to disable the Remove Photo link when photo is enabled.

  • Changed photo image upload feature so that if photo size (in pixels) exactly matches the pixel dimensions set in the DirectorySettings.XML file, then no compression is used.

  • Fixed issue where larger photos did not display properly and fixed an issue where occasionally the cropping function crashed.

  • Updated RAD controls.

Directory Update v2.5

  • Updated to new installer technology (Wix) that better automates the installation process. Dedicated application pool now created and assigned. Folder permissions for NetworkService now automatically assigned.

  • Windows Server 2012 / Windows Server 2012 R2 support. Windows 2008 x64 / Windows 2008 R2 support. Contact support about x86 support.

  • Code update so that .NET Framework v4.0 is used rather than v2.0 Framework. Updated AJAX controls.

  • Added a feature to show required fields next to the field label.

  • Browsers supported: IE 8, 9, 10, 11. Firefox 19.x and later. Chrome 15.x and later. Note, IE must *not* be in IE 7 compatibility mode.

  • Introduced Resource Domain module for customers with resource domains. User logs in to Accounts domain, but can update their Resource Domain account information. Additional / add-on cost item.

  • Improvements in password strength filtering including a blocked-password list that the administrator can enabled.

  • Minor bug fixes including improving photo crop control compatibility.

  • Updated code so that software is fully functional in evaluation mode for 21 days.

Directory Update v2.2 / v2.3

  • Changes to photo upload control so that cropping is now allowed.

  • Photo upload control will now resize rectangular photos based on longest axis; this reduces likelihood of photo being squished or stretched.

  • Maximum source photo size (before resizing) is 2MB but administrator can override this via AppSettings.XML file. Once the photo is uploaded, the photo is still only between 5KB and 8KB when stored in the Active Directory.

  • Change Password feature now allows either customized password complexity or the ability to use Microsoft password complexity rules (3 out of 4 character types). This is configurable via the PasswordSettings.XML file.

  • A bug was fixed that prevented a user from updating their security questions when the Directory Password module is enabled.

  • Improved support for IE 9.x/10.x and through Firefox 19.x.

  • Fixes to audit logging (auditing to text file) and now logs that the photo was updated though we don't keep the old photo.

  • Allows "Logoff" and "Help" buttons to be hidden via configuration options in AppSettings.XML file.

  • AJAX (aka RAD controls) updated to newer version.

Directory Update v2.0 / 2.1

  • Password change functionality - User can change their own password if they know their password.

  • Email notification of changes to the user, user's manager or predefined SMTP address

  • Subsets features allows for the creating of a parent-> child relationship between two attributes. The values available in the child attributes' drop-down list depend on which value was selected for the parent.

  • Default photo attribute now set to thumbnailPhoto and set to 128 x 128. This is to better align with Microsoft's plans for Outlook 2010 and Microsoft Lync client.
  • Updated support for Internet Explorer 9 and Firefox 4.x

  • Integration with Directory Password v1.0; a separate product that allows a user to unlock their account or reset their password if they have forgotten their password

  • Improved error handling and friendlier messages for common errors.

  • Upgraded to latest version of Telerik RAD / AJAX controls to improve browser compatibility.

Directory Update v1.9

  • File logging / auditing capability allows all changes to be recorded to a text log file.

  • Coded attributes values. When user selects a specific value (such as city name, a code is stored in the attribute rather than the city name.

  • Support for Internet 8.0 and Firefox 3.x

  • Allow for use of phone numbers and other attributes with the AddressSets feature.

  • Upgraded code to use Microsoft .NET Framework v3.5

  • Telephone number format performed based validation rules defined for country selected.

  • Masked text phone number allows tight formatting of telephone numbers; note that phone number format control via regular expression is still more flexible.

Directory Update v1.6 / v1.7

  • Introduced photo upload capability to either the thumbnailPhoto or jpegPhoto attribute or storing the photo in a URL path. Storing in thumbnailPhoto is strongly advised.

  • AddressSets feature allows a user to select an attribute such as Office and have additional attributes automatically populated such as street, city, state, country.

  • Add additional attributes to user interface options in DirectorySettings.XML file.

  • Double-wide field and multi-line field control available.

  • Auditing (to an attribute such as extensionAttribute11) allows for date/time of change as well as IP address from which the change was made.

  • Multi-domain support - A single installation of Directory Update can support more than one domain in the same forest.

  • UPN name logon support and Integrated Windows Authentication (aka Single Sign-on).


We have tried hard to make Directory Update as functional and feature rich as possible while ensuring that the product remains affordable and simple to install. Inevitably, though, some organizations may require some specialized features that we do not support. We want you to understand the limitations of our products so that you can make sure you are buying the right solution for your company. The following are some of the limitations that we are occasionally asked about.

  • The IIS server on which Directory Update is installed must be in the same forest as the users that will use Directory Update.

  • We do not automatically enable SSL / HTTPS; you must do this for your IIS servers.

  • Active Directory was designed to store fairly small amounts of data that does not change frequently. Storing paragraphs of data in Active Directory may not be practical. Most attributes store 1KB of data or less but the phone number and title fields may hold less than 64 bytes of data. There is nothing that any application can do to get around this.

  • Our data source for drop-down fields is our XML files; we do not have a mechanism for connecting to external databases. We cannot use the existing data in Active Directory as a validation source for drop-down lists.

  • Directory Update uses a static domain controller name that is configured via the Configuration wizard. We do not dynamically discover domain controllers in the local site.

  • We design and test our applications with specific browsers (such as IE 8 - IE 11, Chrome, and Firefox.) Browser updates may break our applications.

  • Directory Update does not allow a user to update other user's information. We have a separate product called Directory Manager that allows an authorized user to update other user's information.

  • We now provide limited support for resource forest usage. Directory Update must be installed in the domain in which the user accounts are created, not in the resource forest. The Resource domain module is an add-on option (additional cost) to Directory Update. Contact for more information.

Keywords: Active Directory galmod self-service web page update gal global address list exchange Outlook
Last Review: 16 April 2018