Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can you have a password that works on any Active Directory user?

Posted on 2008-06-20
4
Medium Priority
?
427 Views
Last Modified: 2010-03-17
On Apple networks I have seen the possibility of having one password work for any user, as a secondary password(not defined by the user, but the system admin). Is this possible with Active Directory?

- I do not want to keep user passwords documented as they are changed.
- I do not want to reset user passwords, then have to notify the user its been changed.
- I want a secondary password that can authenticate with selected users / groups / or OUs.

Is there a setting, third party software, or better standard of pratice I should be following?

Hamm
0
Comment
Question by:aguyhamm
  • 2
4 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 21829672
Definitely not. For your own safety and that of your users.
How would a user feel if the admin would log on with the user's account and send an insulting email to management?
How would an admin feel if a user would send an insulting email to management, then claim it was the admin, 'because he's able to logon with my account'?
Standard practice is to either handle this together with the user, or to reset the password, which is an audited event and can not be hidden from the user.
There is usually no need to log on as the user.
0
 
LVL 2

Expert Comment

by:andrewjones1987
ID: 21830804
that facility is not available in Microsoft Apps
0
 

Author Comment

by:aguyhamm
ID: 21832034
We have a content server that records what users are logged into what machine, ect. So it could be proven the email did not come from the specified user.

When someone is having Exchange/Outlook/OWA issues I am looking for an easy way to check and make sure things are corrected, without having to reset a users password to see their inbox.

Is there a different way to approach this?
0
 
LVL 85

Accepted Solution

by:
oBdA earned 1000 total points
ID: 21833253
And how exactly would you "prove" this if the admin is logging on with the user's credentials?
Anyway, no, Windows does not provide any way to do so other than resetting the user's password, and it's better for you and for the user.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question