Solved

Can you have a password that works on any Active Directory user?

Posted on 2008-06-20
4
414 Views
Last Modified: 2010-03-17
On Apple networks I have seen the possibility of having one password work for any user, as a secondary password(not defined by the user, but the system admin). Is this possible with Active Directory?

- I do not want to keep user passwords documented as they are changed.
- I do not want to reset user passwords, then have to notify the user its been changed.
- I want a secondary password that can authenticate with selected users / groups / or OUs.

Is there a setting, third party software, or better standard of pratice I should be following?

Hamm
0
Comment
Question by:aguyhamm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 21829672
Definitely not. For your own safety and that of your users.
How would a user feel if the admin would log on with the user's account and send an insulting email to management?
How would an admin feel if a user would send an insulting email to management, then claim it was the admin, 'because he's able to logon with my account'?
Standard practice is to either handle this together with the user, or to reset the password, which is an audited event and can not be hidden from the user.
There is usually no need to log on as the user.
0
 
LVL 2

Expert Comment

by:andrewjones1987
ID: 21830804
that facility is not available in Microsoft Apps
0
 

Author Comment

by:aguyhamm
ID: 21832034
We have a content server that records what users are logged into what machine, ect. So it could be proven the email did not come from the specified user.

When someone is having Exchange/Outlook/OWA issues I am looking for an easy way to check and make sure things are corrected, without having to reset a users password to see their inbox.

Is there a different way to approach this?
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 21833253
And how exactly would you "prove" this if the admin is logging on with the user's credentials?
Anyway, no, Windows does not provide any way to do so other than resetting the user's password, and it's better for you and for the user.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question