Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can you have a password that works on any Active Directory user?

Posted on 2008-06-20
4
Medium Priority
?
421 Views
Last Modified: 2010-03-17
On Apple networks I have seen the possibility of having one password work for any user, as a secondary password(not defined by the user, but the system admin). Is this possible with Active Directory?

- I do not want to keep user passwords documented as they are changed.
- I do not want to reset user passwords, then have to notify the user its been changed.
- I want a secondary password that can authenticate with selected users / groups / or OUs.

Is there a setting, third party software, or better standard of pratice I should be following?

Hamm
0
Comment
Question by:aguyhamm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 21829672
Definitely not. For your own safety and that of your users.
How would a user feel if the admin would log on with the user's account and send an insulting email to management?
How would an admin feel if a user would send an insulting email to management, then claim it was the admin, 'because he's able to logon with my account'?
Standard practice is to either handle this together with the user, or to reset the password, which is an audited event and can not be hidden from the user.
There is usually no need to log on as the user.
0
 
LVL 2

Expert Comment

by:andrewjones1987
ID: 21830804
that facility is not available in Microsoft Apps
0
 

Author Comment

by:aguyhamm
ID: 21832034
We have a content server that records what users are logged into what machine, ect. So it could be proven the email did not come from the specified user.

When someone is having Exchange/Outlook/OWA issues I am looking for an easy way to check and make sure things are corrected, without having to reset a users password to see their inbox.

Is there a different way to approach this?
0
 
LVL 85

Accepted Solution

by:
oBdA earned 1000 total points
ID: 21833253
And how exactly would you "prove" this if the admin is logging on with the user's credentials?
Anyway, no, Windows does not provide any way to do so other than resetting the user's password, and it's better for you and for the user.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question