When the policy is enabled, users are allowed to update selected user attribute values.
By default, Active Directory default permissions, defined in the schema, allow the SELF security principal i.e. the user to update some attribute values of their user object. You can extend this permission set by granting the SELF security principal WRITE permission ex. WRITE PERSONAL INFORMATION or explicitly granting WRITE permission on selected attribute values. In the Settings tab, refer to list of attributes that are supported by the software and then, grant permissions appropriately.
For USER PERSONAL INFORMATION attribute set, refer to http://technet.microsoft.com/en-us/library/cc728117(v=ws.10).aspx
If you allow the users to modify their photo in Active Directory you can also restrict the picture size. If the recommended size is exceeded but allowed size is not, users will receive a warning message.
This article provides instructions on testing the SYNERGIX AD Client Extensions software. User Self Service feature is configured using the Administrative Template. After installing the Administrative Template file, the policy setting can be found under COMPUTER CONFIGURATION \ Administrative Templates \ SYNERGIX AD Client Extensions \ Self Service\ User Self-Management. The Explain tab of the Group Policy setting provides online instructions on configuring the feature.
- Microsoft Windows 7.0 or
- Microsoft Windows 8.1 or
- Microsoft Windows 10 or
- Microsoft Windows Server 2008 & R2 or
- Microsoft Windows Server 2012 & R2 or
- Microsoft Windows Server 2016
- .NET Framework 4.0
Active Directory Domain Environment
- Single Active Directory Domain environment i.e. Single Forest with Forest Root Domain only example. SYNERGIX.WIN
- You can setup a more complex Active Directory Domain environment, if needed. For example, one forest SYNERGIX.WIN with child domains US.SYNERGIX.WIN, and GB.SYNERGIX.WIN and a trusted forest SYNERGIXLABS.WIN with child domains US.SYNERGIXLABS.WIN, GB.SYNERGIXLABS.WIN
- Security Group(s)
* Not required for this feature
- Delegate Control
* We need to give permission on the Users container, for user to update/write their information. ex. WRITE PERSONAL INFORMATION or explicitly grant WRITE permission on selected attribute values. Please go to the Settings tab, refer list of attributes that are supported by the software and grant permission appropriately.
Configure domain Group Policy Object
Copy SYNERGIX AD Client Extensions Administrative Template file SYNERGIX-ADCE.ADMX to %SystemRoot%\PolicyDefinitions on admin workstation (must be Windows 7.0)
Copy SYNERGIX AD Client Extensions Administrative Template Language file SYNERGIX-ADCE.ADML to %SystemRoot%\PolicyDefinitions\en-US on same admin workstation (must be Windows 7.0)
Now configure ADCE’s “User Self-Management” feature
- Using GPMC.MSC, edit existing or new Group Policy Object
- Expand COMPUTER CONFIGURATION
- Expand Policies
- Expand Administrative Templates
- Expand Synergix AD Client Extensions
- Expand Self Service
- Double Click on “User Self-Management” and enable it.
- Select the appropriate check box to allow users to modify their personal information
- Click on Apply or the OK button.
- Log into a domain computer with the domain account (your admin account) that has local administrative privileges on the workstation.
- Ensure the SYNERGIX AD Client Extensions specific Group Policy settings were applied
- Launch RSOP.MSC or run GPRESULT.EXE /v to confirm
- Install SYNERGIX AD Client Extensions software
- After the software is successfully installed,
- Now launch MyAccount from Synergix ADCE system tray icon and fill the appropriate text box and click on “Update Information” button. You will get information about your saving with time.
Test Results Submission
- Output of GPRESULTS.EXE /V command
Note: You must use ADCE \ Help \ Submit Log Files button to zip up above 3 files and submit