Directory Manager

Affordable, improved directory data accuracy, delegated user and contact management

Download

Overview

Directory Manager is a customizable Web-based utility that allows a designated user or users to update Active Directory user and contact information. Authorized users could include a department secretary, human resources personnel, a receptionist, or Tier 1 support personnel. The authorized user uses a simple search interface to locate users and edit those users.

The authorized user can then double-click on a selected user and edit the properties of that user. The properties/attributes that are available on the Directory Manager Edit dialog box are controlled by the administrator. Data accuracy is enforced through drop-down lists and field validation. The data in the Active Directory and, thus, the Global Address List becomes more up-to-date and accurate.

Systems and utilities that depend on the Active Directory, such as possibly your PBX, Office 365, Microsoft Lync, Microsoft Systems Center Configuration Manager, and other programs can successfully leverage the updated information.


The administrator controls the fields/attributes that area available, the field types (drop-down or plain text), and the validation format

Setup time for Directory Manager is quick, the interface is intuitive and easy for even the most non-technical user to master in a short time. In less than an hour, you can have a web-based interface up and running for your human resources or secretaries and have them helping to keep the information in your Active Directory up-to-date.

Standard Features

The administrator maintains control over the interface through a simple set of XML files in which the Directory Manager configuration is stored. Features include:

  • Provide authorized users with a simple Web interface for updating Active Directory. No client software required!

  • Administrator specifies which fields are visible, editable, field types (drop-down list, text, or combo field types) as well as providing values for drop-down lists.

  • Directory Manager allows photos to be uploaded (in to either thumbnailPhoto or jpegPhoto attributes). Photos stored in the thumbnailPhoto attribute can be used by applications such as Exchange 2010/2013, Office 365, Microsoft Lync, and Outlook 2010/2013.

  • Field validation using customizable regular expressions to control data entered by the user. This allows you to, for example, enforce the format of telephone numbers.

  • Any field can be shown/hidden, editable/read-only, include default data, and use format validation.

  • Address and telephone number information can automatically be populated based on field selection such as office or department.

  • Directory Manager exposes more user native attributes than Active Directory Users and Computers such as employee number, employee id, employee type, secretary, assistant and the photo attributes.

  • All field labels, help screens, and button labels can be customized or localized.

  • Elevated administrative rights for Directory Manager users are not necessary. Updates to the directory are performed via a proxy account.

  • User can export search results to Excel spreadsheets or CSV files

Directory Manager is licensed on a “per Active Directory domain” basis. You can install as many instances or copies as you want in a licensed domain. The number of end users or authorized Directory Manager users you have does not matter. Volume discounts and enterprise licensing agreements are available for customers with four or more Active Directory domains.

There are a number of software applications similar to Directory Manager on the market. Most of these are significantly more expensive and are often full-blown user account provisioning systems. Most of these provide dozens or hundreds of features that make them very powerful, but they also provide many more features than most companies actually require for simple delegated management of Active Directory users and contacts. Directory Manager provides an affordable, easy to use, and configurable option to Web-based management systems that provide hundreds of often unnecessary features.

Advanced Mode

Ithicos Solutions is proud to announce a new product in out product line; Directory Manager Advanced Mode builds upon and extends the basic functionality in Directory Manager. Advanced Mode is an add-on product to basic Directory Manager and provides these additional features:

  • User account creation

  • Group membership management

  • User account deletion

User account creation is not hard, but nonetheless tedious. Advanced Mode allows the administrator to build user templates that define different types of users. Each user type can have different attributes, group membership, or possibly account actions that are taken.

Our group management interface simplifies group administration by restricting the groups that an authorized user of Advanced Mode can even see. This limits the possibility that a user can be placed in the wrong group.

The new account deletion feature allows helps solve those “accidental” deletion issues by allowing the administrator to specify “soft deletion” rules. The authorized user “deletes” the account, but in reality, Directory Manager Advanced Mode disables the account, moves it to another OU, and removes it from all groups.




If you are familiar with the Directory Manager interface, then the interface will be familiar to you. Directory Manager Advanced Mode is enabled, so you will see a “+ Add” button on the left-hand side of the screen. This is the Add User button.


Account Creation

A common problem when assigning someone such as a person in Human Resources to create accounts is ensuring the person enters all of the new user data correctly. And, of course, giving that person additional Active Directory rights.

The Directory Manager Advanced administrator creates templates of different types of users. The template can contain company, department, address, phone, group membership, account expiration, and home folder information for each different type of user you create.

When the authorized Directory Manager Advanced user clicks the “+ Add” button, they are first asked what type of user to create; a user type can be selected from the drop-down list.

The next screen presents a list of field options and some pre-populated options. In this example, all the authorized user needs to enter is the user’s name and employee ID. The rest of the information can be read from the template information which is configured in an XML file.

The next screen shows the automatically generated fields such as the full name, display name, user name, user principal name, email address, and user profile path. The rules for creating these are all defined in the XML template file. All the authorized user needs to do is specify a password or click “Generate Password” to create a random password.

The final screen allows the authorized Directory Manager Advanced user to verify all of the information and then click Create User.

After the user is created, a confirmation screen is presented that can be printed out and given to the new user or emailed to the new user’s manager.

Advanced Mode simplifies user account creation to typing a person’s name and a few mouse clicks.

In the next release, we will be integrating the ability for customers to link their own custom PowerShell scripts for the management of Exchange mailboxes, Office 365 accounts, and other connect to other external systems that may require some type of user account provisioning.


Account Deletion

Ever had a user account deleted by accident? You are not alone. Directory Manager Advanced has a straight forward “you-click-delete-the-account-gets-deleted” feature, but we have created a “soft delete” feature also.

When the authorized user clicks the Delete button and confirms that they really do want to delete the user, Directory Manager Advanced hides the user from the Global Address List, disables the account, moves the account to an alternate OU, sets specific values on some attributes, and removes the user from groups. The next release will also allow you to run a PowerShell script from which you can customize additional actions.

The “Delete” button can be restricted to a different group of authorized Advanced Mode users if you do not want all authorized users to be able to delete an account.


Editing Group Membership

Directory Manager Advanced allows an authorized user to edit a user’s group membership. Click the Group Management tab on a user’s details. To add a user to an additional group, locate the group in the list on the left, select it, and click the blue and white arrow pointing right. Then click Save.

To remove a user from a group, locate the group in the Current Groups list on the right side of the dialog box, select it, and click the blue and white arrow that is pointing to the left. Then click Save.

Standard vs. Advanced

Feature Standard Advanced
Edit properties of users
Edit properties of contacts
Create user accounts from template
Add users to groups
Remove users from groups
Export search results to CSV or XLS file
Delete user accounts
Perform soft deletion of user account
Execute a script after user creation
Customizable interface (fields used, field types, labels)
Enable / disable a user account
Reset user’s password
Unlock a user account
Select values for user properties from drop-down list
Validate user property values using Regular Expressions
Define Boolean properties for user attributes
View advanced properties of a user account
Send email notifications to user, manager, or specific address
Customizable search fields and display grid
Populate multiple fields by selecting a single field value (Address Sets)
Write update transactions to CSV log file

Version History and Product Updates

Directory Manager has been in almost continual development since 2007. We release a new version about once every six to nine months. The features and functionality in those new releases reflect customer requests, bug fixes, updates to support new browsers/operating systems, and more.


Directory Manager v3.1

  • Windows Server 2016 compatibility

  • Security Challenge Questions allow the help desk to verify a user's identity before reseting the user password.

  • Search by OU (organizational unit) feature allows administrators to specify a list of OUs and a friendly name for each. When a user selects an OU, only the users and contacts in that OU (and all sub OUs) are displayed.

  • Fields (attributes) can now be moved around and added to the interface by modifying only the DirectorySettings.XML file (no modifications required in ASPX files!).

  • Improved photo upload feature; more intuitive and fewer clicks to upload a photo.

  • New boolean attribute type; set field type to "checkbox".

  • Limited abilities to specify authorized users based on the organizational unit (OU) in which the user account is contained.

  • Updated screen and sizing controls; now using Bootstrap style sheets for better screen resizing.

  • Attributes' LDAP attribute names and maximum field lengths are now defined in the XML file.

  • Miscellaneous bug fixes, browser compatibility fixes, and improved error detection.


Versions Changes / Bug Fixes
3.1.7 Updated prerequisite script to support Windows 2019.
3.1.6
  • Fixed the random password generation on Password Management to get minimum password length from PasswordSettings.xml instead of using the default value.
  • Changed the installer file from .MSI to .EXE and updated the package to require elevated privileges to install and to be a per-machine installation.
  • 3.1.5 Fixed the "Save and Close" button when there is an error occurred and to leave the window open and show the error message.
    3.1.4 Fixed the email notification for user information tab to not send an email if no data updated but the "Save" button is clicked.
    3.1.3 Updated user deletion
    3.1.2
  • Added a default confirmation message for user information tab that will be used if the confirmationMessage tag doesn't exist in AppSettings.
  • Updates for Advance mode.
  • 3.1.1 Added a confirmation message for user information tab.

    Updates for Advanced mode
  • Added a confirmation message for user creation.
  • Added an option to execute a PowerShell script after creating a user/contact if it is enabled.

  • Directory Manager v3.0

    • Windows Server 2016 compatibility

    • Security Challenge Questions allow the help desk to verify a user's identity before reseting the user password.

    • Search by OU (organizational unit) feature allows administrators to specify a list of OUs and a friendly name for each. When a user selects an OU, only the users and contacts in that OU (and all sub OUs) are displayed.

    • Fields (attributes) can now be moved around and added to the interface by modifying only the DirectorySettings.XML file (no modifications required in ASPX files!).

    • Improved photo upload feature; more intuitive and fewer clicks to upload a photo.

    • New boolean attribute type; set field type to "checkbox".

    • Limited abilities to specify authorized users based on the organizational unit (OU) in which the user account is contained.

    • Updated screen and sizing controls; now using Bootstrap style sheets for better screen resizing.

    • Attributes' LDAP attribute names and maximum field lengths are now defined in the XML file.

    • Miscellaneous bug fixes, browser compatibility fixes, and improved error detection.


    Versions Changes / Bug Fixes
    3.0.9
  • Updated Directory Manager so that LDAP queries are paged. This allows larger numbers of users to be returned in a single query for user list table.
  • Fixed issue with Subset feature when using the country field as a parent field.
  • Added the doubleWide property so that a field on the interface can be set double wide.
  • 3.0.8 Changed the updatedBy variable in email notification to show the display name instead of username.
    3.0.7 Fixed the issue with the search box when searching for manager.
    3.0.6 Fixed direct report when was set to be visible.
    3.0.5
  • Fixed the LDAP path to use the fully qualified DNS name of domain controller.
  • Fixed the issue when getting NetBiosName of domain in multi-domain environment.
  • Fixed issue when getting user properties from different domain when there are multiple domains.
  • Fixed issue when a logged-in user tries to edit a user in different domain but the application can't check if the logged-in user is authorized for each tab.
  • 3.0.4 Fixed issue when service account's password has been changed to show error when LDAP connection fails.
    3.0.3 Fixed PDF export. Change default page orientation for the PDF file to landscape.
    3.0.2
  • Fixed issue with date-time fields in Account Management tab.
  • Fixed email notification to show update table for Account Management tap.
  • Updated table format for email templates AccountManagementTemplate.htm and UserInfoUpdateTemplate.htm.
  • 3.0.1 Added search by OU feature.

    Directory Manager v2.3

    • Updated RAD / screen / grid controls to maintain compatibility with browser and .NET Framework updates

    • Changes and improvements to photo upload feature including: Photos do not get re-rendered if they match the dimensions specified in the XML file exactly. Fixed a bug in the upload control that occasionally cause the cropping feature to crash. Added adjustable compression photo quality option allows the administrator to designate an image compression factor. The value can be between A value of 100 is a high quality image (less compression) and a larger file (14K to 18K for a 128x128 image.)

    • Now allow the administrator to specify the visibility of individual options on the Account Management tab including Unlock Account, Enable/Disable Account.

    • Updated installer to accommodate issues setting the "Network Service" account on some international versions of Windows.

    • Added Configuration option so that the main "User Information" tab can be hidden so that customers that only want to use the Password or Account Management tabs can hide the main tab.


    Directory Manager v2.2

    • Installer updated to better handle Windows servers that use European languages.

    • Improves to photo features including uploading photos exactly if they match the exact pixel dimensions from the DirectorySettings.XML file and changing how photos are displayed if they are larger than the dimensions in the DirectorySettings.XML file .


    Directory Manager v2.1

    • Update base code to use .NET Framework 4.0 and updated AJAX controls.

    • New installer that supports Windows 2008 and Windows Server 2012. Ne installer creates dedicated application pool and necessary file system permissions.

    • Support for newer verions of Google Chrome and Internet Explorer 11.

    • Fixed search issues that sometimes caued the interface to crash after multiple invalid searches.

    • Updated software to allow for 21 day evaluation period rather than 10 days.


    Directory Manager v2.1

    • New, optional Password Management tab that allows authorized Directory Manager user to reset a user's password. This is enabled via the AppSettings.XML file.

    • New, optional Account Management tab that allows authorized Directory Manager user to enable or disable a user account as well as unlocking a locked account. This is enabled via the AppSettings.XML file.

    • Improved photo upload controls allows a photo to be cropped and improves the resizing feature. The maximum "source" size of a photo is 2MB, but the photo is usually between 5KB and 7KB once it is uploaded to the Active Directory.

    • Customized password complexity can be set via PasswordSettings.XML file or password complexity can match Microsoft's complexity rules.

    • Domain drop-down list can be enabled/disabled via AppSettings.XML file in a multi-domain environment.

    • Added feature to allow account status (enabled/disabled) to be exported to CSV or Excel files.

    • Changed the way the default search listing is displayed. Search listing represents more accurate, alphabetized listing of Active Directory users. Maximum of 100 users displayed by default.

    • Added a feature to allow custom LDAP filter for default search listing.

    • Fixed a bug that caused photos to be improperly displayed in multi-domain environments.

    • Changed timeout defaults so that Directory Manager will not automatically log a user off for 3 hours.


    Directory Manager v1.6

    • Updated AJAX grid and button controls to newest versions.

    • Fixed issues with Directory Manager freezing after 5 or 6 updates

    • Changed default photo attribute to thumbnailPhoto and default size to 128x128

    • Added support for the subsets feature

    • Added option so that results tabs do not appear and to prevent a default search from executing when Directory Manager opens.

    • Added support so that selected country controls phone number validation


    Directory Manager v1.4 / v1.5

    • Introduced support for Internet Explorer 9.

    • Included file logging / auditing feature

    • Added support for masked text phone number fields and RegEx validation for all fields

    • Updated AJAX controls and converted code to use .NET Framework v3.5

    • Added support for the Address Sets feature


    Directory Manager v1.3

    • Added photo support

    • Improved filtering / search capabilities

    • Added RegEx validation checking for phone number fields

    • Updated AJAX controls

    Limitations

    Directory Manager is designed to be a simple, easy-to-use Web application that allows an authorized user to update other user’s information in the Active Directory. There are a number of limitations to the application which the administrator should be aware, these include:

    • All updates are performed using the service/proxy account. Authorized users can update any user account in the Active Directory that the service/proxy account is allowed to update. This limitation can be overcome with multiple instances of Directory Manager, though.

    • User accounts and contacts cannot be created or deleted through the Directory Manager interface.

    • Group membership cannot be edited through Directory Manager.

    • The email address field cannot be edited if you are using Exchange Server. Exchange must control the e-mail address properties.

    Keywords: Active Directory galmod self-service web page update gal global address list exchange Outlook

    Last Review: 18 February 2020