Using the Active Roles 7.2 self service website to update your own manager

tim callender said:

I've added (Allow - Read objectClass - user) and (Allow - Read objectClass - Organizational unit) but that didn't help.

Did you allow this for your users across your whole domain or at least all OUs containing potential Managers?  And to whom did you assign these permissions?  i.e. what Trustee group?  I normally create a group called "All Delegated Admins" or some such and grant them the ability to view all of AD (or at least those parts that I know they will need to see in order to support the tasks being performed).

tim callender said:

I've added (Allow - Read objectClass - user) and (Allow - Read objectClass - Organizational unit) but that didn't help.

Did you allow this for your users across your whole domain or at least all OUs containing potential Managers?  And to whom did you assign these permissions?  i.e. what Trustee group?  I normally create a group called "All Delegated Admins" or some such and grant them the ability to view all of AD (or at least those parts that I know they will need to see in order to support the tasks being performed).

Thanks.  I granted read access to NT AUTHORITY\Authenticated Users but I was still getting that same error.  When I originally added the manager field to the self service website I chose "select" from the "add entry" drop down menu.  I deleted the manager field and added it again but this time chose "create" from the "add entry" drop down.  This time it worked but I'm not sure why.  Perhaps the added entry was being used by another form that had a conflict.  Now that it's added, the "select object" search box defaults to the subdomain where the user resides with no option to select another subdomain to search in.  It does however work if you use the DOMAIN\username format when searching for a manager from another domain.

Using "Select" from the "Add Entry" drop down menu allows you to locate or select an item that is being used on another form. It also allows you to browse through the list of the items/attributes, showing you the forms that particular item is being used in. For example, if you were building a new "New User" form from scratch and wanted to mimic the password options based off of the built-in New User form, you could go to "Select" and look for "Account Options" listed next to NewUser. If an item is already added to the form you are working on, it will not be visible in the list, this goes for "Create" as well. Any given attribute can only appear one time on any given form, no matter what tab it is in.

Using "Create" presents you a full list of attributes (ones that haven't already been added to the form) to choose from, including virtual, to add to the form.

Looking specifically at the Manager attribute, there appears to be an issue with the built-in Manager attribute, the one that is selected when going to "Select" from the drop down list. This would be the Manager attribute that is used on the User Properties form. It will have "Custom" listed in the "Entry type" column. You should be able to contact Support to resolve the issue with the built-in Manager - Custom entry.

If you go to "Create" from the drop down list and select the Manager attribute from here, it will have an "Entry type" of "Auto". This one seems to work fine.

Also, within the Advanced Properties of the Manager - Auto attribute, you can set additional options, one of which would be to allow the user to edit the "Search in" or "Find in" field.

This results in a drop down list that can be editing in the "Search in" field when clicking the Change button under Manager: