<%@ Language=VBScript %> <% 'UserUpdates.asp -- written by Bill Boswell, Bill Boswell Consulting, Inc., www.billboswellconsulting.com 'This page displays values that users often want to update themselves. 'Some of these are "GAL" values -- they appear in the Properties page of a Global Address List entry. 'Others are not displayed in ADUC so this page is a convenient way to avoid using ADSIEdit. 'The script does not handle multiple domains if the domains do not share a contiguous namespace (a "tree"). 'Place this page on an IIS server that support ASP and give Execute rights to the virtual folder. 'Remove anonymous authentication from the virtual folder and leave Windows Integrated authentication selected. 'The script makes use of passthrough authentication in IIS 5/6 to create instances of ADSI objects, ' so you'll need to use an IE browser. I'm working on a Firefox/Mozilla version. 'This script is in the public domain under the Creative Commons. See the end for a link to the declaration. 'Don't use this code in production until you've tested it thoroughly. %> User Information Update Page <% 'You can modify these styles to match your own system or your webmaster can reference a corporate stylesheet. %>

User Information Update Page


Legend
Editable by User Editable by Admin Not Editable

Values not in bold do not appear

in Active Directory Users and Computers


<% 'Watch out for the ADSystemInfo object. It's handy, but it does not refresh automatically. 'If you move a user to a different container, the user must log out and back on again before using this tool. Set adInfo = CreateObject("ADSystemInfo") Set ntInfo = CreateObject("WinNTSystemInfo") loggedOnUserDN = adInfo.UserName loggedOnUserFlatName = ntInfo.UserName 'Specify a DC for creating objects by selecting a DC in the local site using GetAnyDCName localDC = adInfo.GetAnyDCName 'Check to see if the user is an admin. If so, a selection form will be displayed. 'If you have a group other than Domain Admins who do user updates, change the group name Set rootDSE = GetObject("LDAP://" & localDC & "/RootDSE") domainDN = rootDSE.Get("DefaultNamingContext") Set daGroup = GetObject("LDAP://" & localDC & "/cn=domain admins,cn=users," & domainDN) Set adsiUser = GetObject("LDAP://" & localDC & "/" & loggedOnUserDN) userCN = adsiUser.cn updatesApplied = vbFalse 'This identifies an initial launch of the page vice a reload after an update. 'Test to see if the page is being loaded following a form submittal 'If it's loaded by a Submit, then apply the updates userDN = Request.Form("userDistinguishedName") If userDN <> "" Then Call ProcessUpdates(userDN) 'Apply the updates to Active Directory updatesApplied = vbTrue 'Show success notification later in the select form End If 'Adminstrators get a form to select users for updates. 'Users don't see this form. They only see their own information. If daGroup.ismember("LDAP://" & localDC & "/" & loggedOnUserDN) Then Response.Write "
" 'Success notification or initial welcome message If updatesApplied Then Response.Write "

Updates successfully applied. Enter another logon name.

" Else Response.Write "

Welcome " & loggedOnUserFlatName & ". Enter a user logon name.

" End If 'Build the input form to enter a search name Response.Write "" Response.Write "" Response.Write "
" searchName = Request.QueryString("searchName") goodSearch = vbFalse If searchName <> "" Then 'Perform an ADO search for the samAccountName, the attribute that stores logon name 'If the search does not succeed, notify and wait for another entry. Set adoConnection = CreateObject("ADODB.Connection") adoConnection.Open "Provider = ADsDSOObject" srchQry = "Select cn, distinguishedname from 'LDAP://" & domainDN & "' where objectcategory='user' and samaccountname='" & searchName & "'" Set rs = adoConnection.Execute(srchQry) If rs.RecordCount <> 0 Then userDN = rs.fields("distinguishedName") Set adsiUser = GetObject("LDAP://" & userDN) goodSearch = vbTrue End If If not goodSearch Then Response.Write "

Unable to locate user with that logon name. Try again." Response.End() End If End If End If %> <% 'Obtain entries from form submit 'The userDN value was passed in by the form submit Public Sub ProcessUpdates(dn) Set adsiUser = GetObject("LDAP://" & dn) userCN = adsiUser.cn streetAddress = Request.Form("newStreetAddress") city = Request.Form("newCity") state = request.form("newState") zip = request.form("newZip") officeLocation = Request.form("newOfficeLocation") comment = request.form("newComment") title = request.form("newTitle") workPhone = request.form("newWorkPhone") mobile = request.form("newMobile") pager = request.form("newPager") fax = request.form("newFax") homePhone = request.form("newHomePhone") mailDrop = request.form("newMailDrop") empNumber = request.form("newEmpNumber") empID = request.form("newEmpID") empType = request.form("newEmpType") department = request.form("newDepartment") 'Apply any non-empty entries to associates User attribute If streetAddress <> "" then adsiUser.put "StreetAddress", streetAddress If city <> "" then adsiUser.put "L", city If state <> "" then adsiUser.put "St", state If zip <> "" then adsiUser.put "postalCode", zip If officeLocation <> "" then adsiUser.put "PhysicalDeliveryOfficeName", officeLocation If comment <> "" then adsiUser.put "Info" , comment If title <> "" then adsiUser.put "Title", title If workPhone <> "" then adsiUser.put "TelephoneNumber", workPhone If mobile <> "" then adsiUser.put "Mobile", mobile If pager <> "" then adsiUser.put "Pager", pager If fax <> "" then adsiUser.put "FacsimileTelephoneNumber", fax If homePhone <> "" then adsiUser.put "HomePhone", homePhone If mailDrop <> "" then adsiUser.put "PostalAddress", mailDrop If empNumber <> "" then adsiUser.put "EmployeeNumber", empNumber If empID <> "" then adsiUser.put "EmployeeID", empID If empType <> "" then adsiUser.put "EmployeeType", empType If department <> "" then adsiUser.put "Department", department 'Get ready for possible error On Error Resume Next 'Apply the updates. If an error occurs, show it and stop 'This avoids displaying the form, which would error out because it has no values adsiUser.setinfo If Err.Number <> 0 Then ShowError Err.Number , Err.Description Response.End() End If 'Return to default error handling On Error Goto 0 End Sub Sub ShowError(errNum, errMsg) 'Display error message then allow the user to return to the main page Response.Write "

User Update Failure

" Response.Write "

An error occurred while updating the account.

" Response.Write "

Please notify a system administrator with the following error information:

" Response.Write "
" Response.Write "

" & err.Number & ": " & Err.Description Response.Write "

 " Response.Write "

Return to the User Information Update page.

" End Sub %>

<% 'The form posts to this ASP page. This allows all processing and data collection to reside in one place. %>
<% 'Translating the ADSI values to friendly name is something of a chore 'Most of the properties are included in the Personal Property Set to simplify permission assignment 'If you want the user to change Title or Department, you'll need to assign specific permissions 'None of these entries are validated. Either train the users well or add your own validation codes.%> <% With adsiUser %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <%= "" %> <% 'Include the user's DN in the form to allow an admin to update someone else's information. %> <%= "" %> <%End With%>
Attribute Current Value New Value
Logon Name" & .SamAccountName & "
User Principal Name" & .UserPrincipalName & "
Street Address" & .StreetAddress & "
City" & .L & "
State" & .St & "
Zip Code" & .PostalCode & "
Office Location" & .PhysicalDeliveryOfficeName & "
Comment" & .Info & "
Title" & .Title & "
Work Phone" & .TelephoneNumber & "
Mobile Phone" & .Mobile & "
Pager" & .Pager & "
Fax Phone" & .FacsimileTelephoneNumber & "
Home Phone" & .HomePhone & "
Mail Drop" & .PostalAddress & "
Employee Number" & .EmployeeNumber & "
Employee ID" & .EmployeeID & "
Employee Type" & .EmployeeType & "
Department" & .Department & "

<% 'I put the submit button at the bottom of the form, which might look a little inconvenient. 'However, the user can press Enter at any point in the form to submit the updates. %>
Public Domain Dedication
This work is dedicated to the Public Domain.