Telephone numbers in Active Directory (Delegation to Non-IT)

Updating various IT systems with data such as phone numbers is time consuming and prevents admins from doing important technical maintenance. Phone numbers of an employee need to be updated in Active Directory, the intranet phone book or the HR database… 

But users can also update phone numbers directly to the AD by themselves and use this data – without any admins help



Updating phone numbers causes additional workload

Usually the Human Resources department is one of the first to be contacted by an employee if he/she changed the number of his/her phone. HR will update their own master data as a result of this. In case the phone number needs to be stored in Active Directory, an additional notification to the IT is necessary. The reason is that neither the workers nor the HR can perform this change directly.

Many companies and organizations also use intranet address books, that are usually not connected to an HR database or Active Directory. But these Intranet phone books are often the only applications that provide a self-service to let users maintain their own records. There are various reasons why.

3 people with 1 task

3 people dealing with 1 task


The initial situation: Changing one attribute means work in three systems.
In many environments there are even more databases or directories that host the same user data. How much workload is are really needed?

Phone number update by system and contact person

  • Intranet phone book – users, data manager
  • Active Directory – IT administrator
  • HR master data  – Human Resources representative


Users update own phone number directly to AD

Like any other user, an HR employee also has to login to his Windows computer at the beginning of the day. In most cases this synonymously means an authentication process against Active Directory. And this means that any user working with a computer that is connected to the organizational network has an AD account. And with this a certain amount of its attributes filled.


If there is already and AD account for each user, why maintaining additional databases and directories with the same information?


Responsibilities can be defined according to the organizations policies.
If users are not capable of maintaining their personal information to the AD, another person can be authorized (manager, secretary, etc.) to edit it. Both options (Self Service and Delegation) can be easily implemented with the FirstWare IDM-Portal. If you need a flexible role model, you should have a look at the standard edition. Self Service is already possible with the free edition.


User updating his own phone number - Phone book generated with AD data

User updating his own phone number – phonebook generated with AD data


This is how phone number maintenance could look like:

Item 1 and 2 can already be accomplished with IDM-Portal FreeEdition – and enables non-IT staff to maintain telephone numbers in Active Directory.
The installation takes less than 30 minutes.


Maintain AD phone numbers in self-service

Portal solution

Editing your own user attributes, such as the telephone number with FirstWare IDM-Portal is self-explanatory. The portal can be opened via web browser and the user is already logged in according to its Windows login. By clicking on the profile picture in the top left, you reach your profile and can edit your own data.



FirstWare IDM-Portal: User update their own phone number directly in Active Directory


Microsoft standard tools: Maintenance by an admin

An administrator needs to edit attributes in two tabs of the Active Directory Users and Computers console in order to set all telephone numbers. The processing takes longer, delegation must be set up and explained. The whole process is more time-consuming.



MS standard: AD Users and Computers


Second tab for phone numbers



Let users update user data

Self administration can be extended to many attributes.
Green fields show the user what attributes he/she can edit.




It is possible to set individual roles with the StandardEdition that:

  • are limited to certain OUs
  • can read different attributes
  • can write different attributes
  • can see different tabs
  • can assign group memberships (access permissions)

If you have any questions or requests, please contact us for further details.



This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


Time limit is exhausted. Please reload CAPTCHA.