Directory Search
  • Overview
  • Features
  • Evaluating
  • Requirements
  • Installation
  • Version History

Turn your Active Directory in to a company phone book

You have made an investment to keep your Active Directory up-to-date. Directory Search is a standalone Web application that you can provide for your users that will allow them to use the Active Directory as a web-based phone book or company white pages. This simple application is licensed one time for an entire Active Directory forest and is customized in much the same way that Directory Update and Directory Manager are customized.

Your users can search for someone in your Active Directory using most any search criteria that you wish to provide. The information about the user is visible in the tabs below the search results window or the user can double-click on someone in the search results and see more details.

Both the search interface and the fields displayed are configurable by the administrator. Directory Search can also display the photos (if stored in the Active Directory) that are used by Outlook 2010.

Directory Search is a Web-based application that is based on the search interface in our Directory Manager application. Search criteria for searching the Active Directory including display name, user name, manager, department, title, e-mail address, company, office, employee ID, phone number, and even the extension attributes. Not all search criteria are displayed by default, but are configurable by the administrator.

If enabled, the user can then export their search results to a spreadsheet or they can click on the Edit My Info button and be re-directed to the Directory Update application (purchased separately) so they can update their own Active Directory information. If you choose to enable this feature, Directory Search will allow you to export your search results to a spreadsheet. The administrator specifies which fields can be exported.

By default, anonymous logon access is enabled for Directory Search, but the installer can configure Directory Search to use forms-based authentication or Integrated Windows Authentication. The installer can also configure which fields are visible on the user information form and which columns/fields are shown in the search listing.

Features include:

  • Customizable search interface. You specify the attributes that you want to allow the user to search and view.

  • Option to export search results to a CSV or XLS file; this can be hidden

  • Edit My Info button provides a link so that the user can link to Directory Update (if installed)

  • Configurable OU filter and other filters so you can display only the users from your directory that you want your users to see.

  • Most of the interface is localizable so that you can customize to your local language or dialect.

No pressure. No annoying salesmen. No registration. Just download and install the software!

Like our other software, we strongly urge all potential customers to download Directory Search, install it in your environment, and customize it for your use. You will see how easy it is to get Directory Search up and running.

You can download a fully functional from the Downloads section of our Web site; the evaluation will be fully functional for 10 days with no limitations. We will not ask you for your e-mail address, telephone number, or first born child; all you have to do is download the software. And, if you run in to problems and have a question, we will give you the same great support we give our customers.

If you choose to purchase Directory Search, you can keep your customized configuration. Just run the Configuration wizard and edit the Directory Search installation to add your license key.

If you already have one of our other products running on an IIS server in your forest, then you have met most of the requirements for Directory Search already. The server on which Directory Search is installed must be a member of the same forest in which it will be used. Directory Search cannot be used against accounts in trusted domains that are located in another Active Directory forest.

Active Directory Requirements

Directory Search works against all versions of Active Directory including Windows 2000, Windows 2003, Windows 2008, and Windows 2008 R2.

Exchange Server Requirements

Directory Search does not require any version of Microsoft Exchange Server. We can use some attributes that are provided by the Exchange Server “schema” prep but Exchange is not required. To use attributes such as the extension attributes (aka custom attributes) we suggest you “prep” you forest with a minimum of Exchange Server 2003, but this is not necessary.

Server Operating System

  • Windows Server 2003 with SP2 (x86 or x64)
  • Windows Server 2003 R2 with SP2 (x86 or x64)
  • Windows Server 2008 with SP1 (x86 or x64)
  • Windows Server 2008 R2 (with our without SP1)

Either the Standard Edition or Enterprise Edition is supported. The server can be either physical or using a virtualization technology such as VMWare or Microsoft HyperV. For Windows Server 2008, you must install the full installation of the operating system. Server Core installations are not supported.

Internet Information Server

  • Internet Information Service (IIS) 6, 7, or 7.5
  • IIS 6 compatibility components must be installed if using Windows Server 2008
  • ASP.NET must be enabled
  • .NET Framework v3.5 must be installed/enabled
  •  Integrated Windows Authentication must be allowed

Microsoft/Windows Updates

Once the perquisites are installed, we strongly recommend that you perform a Microsoft Update and install all recommended and critical updates.

Interoperability with Other Web Applications

Directory Search usually works fine with most web applications running on the same IIS server provided the server remains in a minimum of IIS 6 mode. Directory Search can co-exist on the same IIS server as other Ithicos Solutions products. We recommend against running Directory Search on the same server with Microsoft SharePoint.

Service / Proxy Account

During the Directory Search installation, you will be prompted for a service/proxy account. This is only used during the installation. This account can be a regular user unless you are also going to use with one of our other products:

  • Name the account something recognizable such as SVC_DirectorySearch
  •  Proxy account password should have a strong password (15 characters)
  •  Proxy account’s password must not expire

Application Pool

An application pool is a memory space in which a web application executes. Web applications are assigned to the DefaultAppPool by default and that is usually fine. We recommend creating an application pool for Ithicos applications.

  • Name the application pool something like IthicosAppPool
  •  Application pool identity must run as the NetworkService user
  • 32-bit mode must be disabled

Installer’s Account

The person that installs Directory Search should use a user account that is both a domain account and a member of the server’s local Administrators group.

Secure Sockets Layer (SSL)

SSL is a security layer that protects HTTP data as it is transmitted across your network or the Internet. We strongly recommend that any web site that transmits personal data use SSL. Directory Search will work on a web site that uses SSL or not.

SSL uses a certificate that is “signed” by a certificate authority. We recommend that the certificate be issued by a certificate authority (CA) that is trusted by the browser clients that your users will be using. This prevents security warnings; users should never get used to ignoring security warnings.

Enabling SSL is a feature of Internet Information Server. The process will depend on the operating system.

Follow these links:

Browser Requirements

Directory Search uses ASP.NET and AJAX controls to create some enhanced functionality within the browser; some call this Web 2.0 technology. This means that it is not as simple as a standard web page and thus browsers must be carefully tested.

Our current releases support the following browser versions:

  • Internet Explorer 8.x
  • Internet Explorer 9.x
  • Firefox 4.x - Firefox 8.x

We only update current versions of our software when a new browser is released. This does not mean that older versions of our software or other browsers (Safari or Chrome) will not work, but we may not support them if you have problems. We recommend customers stay on software maintenance so that they can upgrade to newer builds of the software as they become available.

Note also that Internet Explorer is required to use Integrated Windows Authentication.

Directory Search is simple to install as long as the prerequisites all installed. Download the latest version from our Web site and unzip the DirectorySearch.msi file. Place the MSI file on the server’s local hard drive, such as in the c:\temp folder.

You can usually just double-click on the MSI file to launch the installer, but on Windows Server 2008, the User Account Control security settings may be set so tightly that you have to launch the installer from the command line (don’t forget to “Run As Administrator”) like so:

msiexec.exe /i c:\temp\DirectorySearch.msi

  1. On the installation wizard welcome screen, Click Next

  2. On the License Agreement screen, click “I Agree” and then click Next

  3. On the Select Installation Address, most installations use the defaults. From this screen, you can select a different web site, virtual directory name, or application pool. When you have made your selection, click Next.

  4. On the Confirm Installation screen, click Next

  5. The installation takes between 30 seconds and 1 minute and then the Directory Settings configuration screen appears. You may have to select it from the task bar as it sometimes appears “behind” the installer.

  6. On the Directory Settings screen, enter the host name of the domain controller, then DNS domain name of your Active Directory domain, the service/proxy account (in domain\username format), and the proxy account password. A common configuration problem is entering the FQDN name of the domain controller in the Domain Controller text box; this text box is for the host (short) name of the domain controller. Click the “Test Directory Settings” button and then click Next.

  7. On the Licensing Information Screen, copy and paste the organization name and license key that you were provided after you purchased the software. If you select the Evaluation checkbox, the software is fully functional in Evaluation mode for 10 days and you can run the configuration wizard later to provide the licensing information. Click Next when finished.

  8. On the Directory Search Information screen, click Next

  9. On the Installation Complete screen, click Close

  10. Immediately test the installation by using a Web browser to visit http://localhost/DirectorySearch (the default URL if you are checking from the console of the server) or http://yourservername.yourcorp.local/DirectorySearch (if you are checking from elsewhere on your network.

You can now proceed to customizing the application.

Installation Checklist

  1. Test the default installation (with no customizations)

  2. Edit the DirectorySettings.XML file to configure the fields that you want to use (visibility, required, dropdown versus text, validation formats, etc…)

  3. Edit the AppSettings.XML file to customize the help text

  4. Enable file logging and/or auditing in the AppSettings.XML file

  5. Set file system permissions for photos and log files (if necessary)

File System Permissions

If you wish to use Directory Update to upload photos to the Active Directory, give the NETWORK SERVICE user all permissions but Full Control to the .\Photos folder. This means you must give NETWORK SERVICE the following permissions to that folder: Modify, Read & Execute, List Folder Contents, Read, and Write. The Photos folder is found (by default) at c:\inetpub\wwwroot\directoryupdate\photos.

If you wish to allow Directory Update to record a text (CSV) file log of all changes made using Directory Update, you must give the NETWORK SERVICE the following persmissions to the .\Logs folder: Modify, Read & Execute, List Folder Contents, Read, and Write. The .\Logs folder is found (by default) at c:\inetpub\wwwroot\directoryupdate\Logs.

Directory Search was originally based on the search interface that was originally developed for Directory Manager. Our intention was to give our customers a low cost, easy to use search interface for Active Directory.

Directory Search v1.7

  • Updated screen display for telephone numbers to allow phone numbers to be better recognized by Microsoft Lync and Skype clients

  • Custom LDAP filter feature allows administrator to specify their own LDAP filter via AppSettings.XML file. This filter allows the initial search criteria to include or exclude specific users. Once the filter is in place, it cannot be overridden via the search interface.

  • Updates in screen and controls for compatibility with Internet Explorer 9/10 and Firefox 19.x.

  • Changed how default search results are returned so that they are more representative of users in Active Directory.

Directory Search v1.6

  • Updates in screen and controls for compatibility with Internet Explorer 8 and Firefox 6.x