Active Directory management & automation

Tutorials

Allow Users to Modify Specific Properties of Their Accounts

By default, all users are allowed to modify certain properties of their own accounts. This permission is granted by the built-in Security Role called User Self-Service. This role allows users to modify only the properties that belong to the Personal Information and Web Information property sets.

Personal Information property set

Property LDAP Name
Assistant assistant
Notes info
Picture thumbnailPhoto
Personal Title personalTitle
Street Address streetAddress
Home Address homePostalAddress
Country c
Country Code countryCode
Country Name co
City l
Office physicalDeliveryOfficeName
P.O.Box postOfficeBox
Home Address postalAddress
Zip/Postal Code postalCode
Registered Address registeredAddress
State/Province st
Street street
Preferred Delivery Method preferredDeliveryMethod
Telephone Number telephoneNumber
Telephone Number (Other) otherTelephone
Mobile Phone mobile
Mobile Phone (Other) otherMobile
Home Phone homePhone
Home Phone (Other) otherHomePhone
Fax facsimileTelephoneNumber
Fax (Other) otherFacsimileTelephoneNumber
IP Phone ipPhone
IP phone (Other) otherIpPhone
Pager pager
Pager (Other) otherPager
International ISDN Number internationalISDNNumber
Primary Telex Number primaryTelexNumber
Telex Number telexNumber
MSMQ Digests mSMQDigests
MSMQ Sign Certificates mSMQSignCertificates
Primary ISDN Number primaryInternationalISDNNumber
Teletex Terminal Identifier teletexTerminalIdentifier
User Certificate userCertificate
User-Cert userCert
User Shared Folder userSharedFolder
User Shared Folder (Other) userSharedFolderOther
User SMIME Certificate userSMIMECertificate
X121 Address x121Address

Web Information property set

Property LDAP Name
Web Page wWWHomePage
Web Page (Other) url

In this tutorial you will learn how to grant regular users the rights to modify specific properties of their own accounts, and how to configure Web Interface to allow users to edit those properties.

Grant Permissions

To allow users to modify properties of their own accounts, you need to add corresponding permissions to the built-in Security Role User Self-Service.

If some undesired changes were made to a built-in Security Role, you can discard all changes made to this role. For this purpose, right-click the role you need and click Restore to Initial State in the context menu.
Launch Adaxes Administration Console, expand Adaxes service \ Configuration \ Security Roles \ Builtin. Select the User Self-Service role. The permissions and assignments of this role will be displayed in the Result Pane (located to the right).

Select Security Role

In the Result Pane (located to the right), click Add.
Click Add Permission

To add a permission to modify a specific property:
  • Select User in the list of object types, to which permissions are applied.
  • Check the Allow option for the desired property in the Property-specific permissions section. For example, to allow modifying the Title property, check the Allow check box for the Write 'Title' Property permission.

    Selecting Permission

    If the property you need is not available in the Property-specific permissions section, enable the Show all properties option.

Click OK and then click Save changes below the Assignments list.
Distribution of permissions with the help of Security Roles does not modify native Active Directory permissions.

Customize Web Interface

The Web Interface for Self-Service allows users to modify only the properties for which they have the Write permission by default. If you want users to be able to modify other properties, you need to customize the form used to edit user accounts in the Web Interface.

To add a property to the Edit User form:

On the computer, where the Web Interface is installed, start the Web Interface Customization tool.


In the Interface type drop-down list, select Self-Service.

Activate the AD Management tab and click Customize Forms and Views.



Select User in the Object types list and activate the Modify tab.


Select the section to which you want to add a new field and click the Add button located under the Section fields list.


Select the property you want to add to the form, click OK and then click Apply.
For more details on how to customize forms and views in Web Interface, see
Customize Forms for User Creation and Editing.
back to top

Delegating Permissions

Hide Active Directory objects from users
Grant rights to create users
Grant rights to modify account options
Allow managers to manage their teams
Grant rights to modify AD group membership
Grant rights to reset passwords and unlock accounts
Grant rights to create and modify Business Units
Deny rights to delete users
Grant rights to execute Custom Commands
Grant rights to modify specific properties of AD objects
Grant rights to move users between OUs
Grant permissions to perform Exchange tasks
Grant permissions to perform Office 365 management tasks

Automating Daily Tasks

Automate user home directory creation
Relocate home directories after disabling users
Automatically add users to groups by department
Add users to a specific group when they are disabled
Automatically change group membership using scripts
Move newly created users to a specific OU
Request approval for user deletion
Run PowerShell script after creating a user
Automate Exchange mailbox creation for new users
Automate Exchange mailbox configuration
Automatically assign Office 365 Licenses
Automatically enable users for Lync
Schedule tasks for AD management
Automatically set profile path for Remote Desktop Services
Send e-mail on adding members to specific groups
Send initial password to newly created users via SMS
Delete inactive computers from Active Directory
Automatically deprovision inactive AD users

Simplifying Data Entry

Auto-populate the company name when creating users
Change template for auto-generating user full name
Specify list of departments to avoid repetitive typing
Disallow specifying telephones without country code
Make Employee ID a required property & specify its format
Set default account options for new users
Validate/modify user input using a script
Predefine selection of Exchange mailbox stores
Automatically set account expiration date for new users
Generate initial password on user creation
Automatically set users' address based on their office
Provide custom help and tips for AD object properties

Active Directory Management

View & manage AD objects collectively
Create a Custom Command
Rename multiple AD users with one operation
Reset passwords for multiple users
Import user accounts from a CSV file
Schedule import of users from a CSV file
Modify Remote Desktop Services settings in bulk
Update user account options in bulk
Update multiple AD objects using PowerShell
View AD operations performed via Adaxes
Manage Fine-Grained Password Policies
Configure user deprovisioning
Manage and automate Office 365
Group AD objects based on logged in user

Web Interface Customization

Set custom logo and colors
Customize forms for user creation and editing
Customize Sign-In page and logon name options
Prevent users from viewing the Active Directory structure
Allow/deny access to the Web Interface
Disallow certain operations on Active Directory objects
Customize the Home page
Configure Home page actions
Configure the Active Directory pane
Customize Active Directory search
Configure Exchange tasks
Configure password reset
Put a custom message on the Change Password form
Hide specific Active Directory reports
Disable specific Web Interface components
Select the AD object types to be displayed in the UI
Manage Active Directory objects of a custom type
Configure columns in Active Directory object lists
Allow using templates for user creation
Customize Help and Support links
Prevent brute force attacks

Self-Service

Configure Password Self-Service
Autoenroll users for Self-Password Reset
Allow users to modify specific properties of their accounts
Request approval for Self-Password Reset
? Waiting

Progress status: Checking...

Information

Open Live Demo