AD based Intranet Phone Book

I want to introduce you briefly how to deploy an intranet phone book using Active Directory in a short time.

I want to discuss

– Advantages and disadvantages of standalone applications – Requirements and preparation in your AD and the – Provision of the AD phone book with FirstWare IDM-Portal

Intranet Phone Book with a separate / stand-alone application

In most cases data for an intranet phone book are processed in a phone book application that comes with its own database. What does this mean for the data of an individual user and the admins?

A stand-alone phone book application has advantages and disadvantages:

Advantages

• A simple application for a structured data management
• Only selected information is provided
• Possibility to delegate tasks / Self Service

   

Disadvantages

• Applications store data in various databases (1 person, many data sets)
• Changes must be maintained in several systems
• User records may vary in different applications (eg data is not maintained at the same time / no automated information forwarding …)
• à Several systems, duplicate data maintenance, higher error rate

   

Alternative

Our approach is to use data sets that already exist at a central location. And this location is Active Directory. In the AD, records for a user must be created anyway. Therefore, you might want to use and maintain the records in Active Directory for address book purposes as well.

Requirements for an AD Phonebook

I would like to mention that there are conditions to make your Active Directory an AD Phone Book. If you want to use data that already exists, it is important to perform 2 steps:

1. Check the master data quality and ensure good quality
2. Optimize the OU structure and separate user, administration and service accounts

Master Data Quality

The quality of the data and their consistency is extremely important. Because you want your users to find the matching data when they are looking for the phone number of coworker.

There are various ways you can review or maintain the data. Here are 2 ways explained briefly.

1. Standard Tools – Active Directory Users and Computers

   The processing of user data with Active Directory Users and Computers gives you a lot of options, but it is somewhat cumbersome. You have to click through a lot of tabs and this may be a source for failures. You can easily forget to fill in some attributes that might be not “as important” as some others, but it will lower your total quality. Especially if you are going to use this “less important” attribute in the future. The Delegation of the data maintenance is possible, but not intuitive.

   

2. FirstWare IDM-Portal

   FirstWare IDM-Portal to accelerate user management in AD. Significant user attributes are displayed in one single web form. You can fill or edit the attributes of user accounts in a very short time using the Tab key (instead of switching tabs in Users and Computers). You can delegate standard tasks to colleagues without great IT or AD expertise.

   

If you already have complete data sets (in a list or application) and the AD is to be filled with these, you should bulk import these. You can also use other attributes for the user administration.

Optimization of the OU structure

In order to use Active Directory as an address book, you should separate admin, user, and service accounts in the OU structure. The separation of accounts types ensures that the user can only see data that is relevant data for him/her. Admin and service accounts are in separate LDAP paths and thus are not visible when users search the address book.

Publish AD user data as AD Adressbook

There are several applications that read in data from the AD, process it in their own databases and then provide an intranet phone book.

However, this is not necessary. The fewer systems and databases are used, the faster and the less error-prone the application will be.

You can use FirstWare IDM-Portal to provide the data:

1. Set it up by yourself of with help of IDM-Portal support
2. Define, what attributes users can edit in Self Service
3. Give the URL to your users

   

As you can see, the provision of AD data is quite simple. Users can maintain their own user record and upload a user photo (if the permission is set by an admin).

IDM-Portal is made with the users perspectie in mind. Your users are different? Manufacturer FirstAttribute helps you customizing IDM-Portal to your needs.