Many organizations rely on user account attributes to run queries against Active Directory and get lists of user accounts. For example, an administrator might run a query against the department attribute to find all finance users. If, however, a user’s department is not filled out in Active Directory, the user will not be returned in any query for department (unless a query of null is run).
So, how can you require certain essential user account attributes to get the results you want?
You could update the Active Directory schema to make the required user account attributes mandatory. This might end up being a large issue, as it requires that the attribute be configured before the user account is created. Since the Microsoft new user creation wizard does not include department as a configuration during user account creation, you would be forced to program significant customizations.
Alternatively, you could use a tool that is designed to handle such requirements, such as ADSelfService Plus. ADSelfService Plus can enforce a mandatory response for any user account attribute. Here’s how:
- Configure all users to enroll in ADSelfService Plus during their next logon.
- After enrollment, the user will have to input the mandatory attributes.
Figure 1A illustrates what the forced enrollment setting looks like, while figure 1B illustrates what the end user would see at logon.
Figure 1A. Forcing enrollment of users into ADSelfService Plus.
Figure 1B. Users see a customized dialog box at logon to require them to enroll.
Figure 2A shows how to make user account attributes mandatory, and figure 2B shows how to force users to input mandatory attributes. Figure 2C illustrates what the user will see with regard to mandatory attributes.
Figure 2A. Any user account attribute can be made mandatory.
(Note: As you can see, the mandatory attribute has options for limiting the characters that are entered.)
With ADSelfService Plus, you get all user account attributes correctly entered, not to mention that the user is now enrolled to take advantage of the other powerful features of ADSelfService Plus.
Figure 2B. Users cannot leave the end-user portal without inputting information into the mandatory fieds.
Figure 2C. Users must input correct information for mandatory attributes.
(Note: The “*” symbol indicates a mandatory field, and if this field is not entered correctly, the dialog box will appear.)
Using this method can ensure that all the information you need is updated in Active Directory correctly. To take advantage of this helpful technology, please download ADSelfService Plus from here and start using it today.
