Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Self service password reset

Posted on 2007-10-18
11
Medium Priority
?
315 Views
Last Modified: 2010-08-05
3 w2k Dc's, 2 W2k3 Dc's.  Xp Sp2 clients.  All users have submitted answers to 5 security questions which have been added to the Extension attributes in AD (Exch2k3 installed).  OU delegation to a service account to reset password for each user account & to read Extension attributes of Ad object.  Using ADSI (ADO ?) can an ASP be created so that if user locks account/forgets password they can access this page on intranet (as all would be internal traffic) enter their FQDN or just Pre-Windows logon & email address and select a secret question to answer and if successful with answer they are prompted to enter new password?  Obvioulsy logging would be required such as IP & user name of computer being used, time & date all to be emailed to an admin and to user
0
Comment
Question by:coch
  • 5
  • 3
9 Comments
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20104220
So is this password reset for a web application? Or are you talking about the AD user password? If that's the case, how is the user able to access this "rest pw" page if they are unable to log on the computer in the first place? If you can clear it up, I think we may be of more assistance =)
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 1500 total points
ID: 20107134
Microsoft Indentity Integration Server can implement this.
See: http://technet2.microsoft.com/ILM/en/library/7ff88984-0335-4366-9118-61cf1a27748c1033.mspx?mfr=true

J.
0
 

Author Comment

by:coch
ID: 20107148
Thinkpaper - we have a large number of computers that logon using a generic account with very restricted permnissions allowing access only to intranet and another few inhouse applications.  So they would use one of these.

PowerIT - There would be a cost involved with Identity Integration Server wouldn't there?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 18

Expert Comment

by:PowerIT
ID: 20107220
Yes. Having your helpdesk manually reset passwords is also a cost. You'll have to verify which one outweighs the other.

J.
0
 

Author Comment

by:coch
ID: 20107249
Thats the idea of having the self service intranet page though, particularly as we are 24/7.  I will obvioulsly investigate MIIS
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20107264
Sorry, after reading it again my comment sounded a bit patronizing. It was not meant that way, if course you realize why you are investigating such a project.

J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20509184
Tolomir, why a delete? I did give the answer.

J.
0
 

Author Comment

by:coch
ID: 20509298
Apologies for not coming back sooner.
Although the question didn't exactly specify 'no cost' software, this was what I was looking for.  I have looked at MIIS & Novell products.  Think I'll just work on my existing code.
I think rather than no-one (?) get the points I'm happy to split them between the people that did take the effort to post, if thats ok now?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20509441
Thanks Coch, you can do the split at your own leisure as long as the question has not been closed.

J.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Still wondering grappling over to strengthen your password, worry no more. Choose a Strong Passphrase instead though second factor is highly recommended. Read on more on the how-to and tips to enhance your "password" using easier to remember passphr…
ITIL has an elaborate incident management framework. This article serves as a starter for those who'd like to know more or need to suss out the baseline elements in a typical incident response execution plan on the "need to have" and the "good to ha…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question