
tldr: if details are changed or new accounts added in active directory we want to update an RSS feed.

Our organisation has a good deal of staff changes so it can be slightly crazy to keep track of who's in what role and new staff that have joined us.

I'm currently interested in setting up a feed which will show staff changes which I could then have show up on our intranet site (internal only so no privacy issues there). Something like: Jane Doe has started working for CompanyName in DepartmentName, here's a link to her staff profile [LINK]. Or Bill from accounting now works in building management.

Basically person x now works for us, or person y has changed roles.

We handle our login authentication with active directory (which I don't know heaps about), any time someone comes to work for us they get a login; when they change roles they would have their details changed in active directory.

What I want is an RSS feed which would have new items added to it dynamically any time that a new user is added or a staffmember's details are changed on AD.

a particular item in the feed would look something like this

    <title>[username] [now works here / has changed roles]</title>
    <description> follow the link to see their staff profile</description>

how can I get the feed xml file automatically updated when one of those changes is made in active directory?

Thanks for your time.


2 Answers


I would recommend setting up a service to poll for the changes that then writes them somewhere else for you to pick up and manipulate for your RSS feed.

Ryan Dunn has a great post discussing how to do this in .Net, specifically with Change Notifications. Personally, I'd recommend using DirSync as it's pretty easy to setup, but his post does a great job with pros/cons of each method.


This is quite a complicated question. Active Directory has a "last modified" attribute and a "created" attribute. So you could query the timestamp on created and then update an RSS file from that to get your new users. However, just because an AD entry has been modified doesn't mean the job title has changed, so you're going to have to cache the Active Directory somewhere locally, say into a database and then do a check against that to see if a job title has changed.

You'll need to write some LDAP queries (See here, for example: http://www.selfadsi.org/extended-ad/search-user-accounts.htm) to find all the accounts and then process them.

What language are you looking to use?