I helped out a friend and we are trying to clean up an AD with messed up userdata. The upn, firstname and lastname and E-Mails are correct. But fields like "manager" or something like cost center are not filled in correctly. Now I thought about a form to hand out to everyone digitally and enter the right information and we can insert it using powershell. And later make sure that the info will not change without the right approvals. But for some reason I feel that there must a better tool for that. Can anyone give me advice, how this can be done in a smart way? Maybe there is a tool where "Mr. Bond" can enter his info and place his "Boss" as manager. Later the Boss presses a button to approve this info and the tool writes it back to the ad. Whoever didn't fill in the boss, get's emailed. Or do I have to build this on my own? All help is appriciated. I feel that this might be opinion based for some reason, but I am looking for the smartest way, with less steps and manual work to clean up the mess. I can get azure AD connected in case this helps.
Delegate only the necessary user update permission to the data owners group making updates. Allow them to make changes according to your organization's processes.
Updates can be done from many tools. Active Directory Users and Computers, a PowerShell mass change script you write, third party software that does something fancier. Select what meets your requirements.