Solved

Can you have a password that works on any Active Directory user?

Posted on 2008-06-20
4
411 Views
Last Modified: 2010-03-17
On Apple networks I have seen the possibility of having one password work for any user, as a secondary password(not defined by the user, but the system admin). Is this possible with Active Directory?

- I do not want to keep user passwords documented as they are changed.
- I do not want to reset user passwords, then have to notify the user its been changed.
- I want a secondary password that can authenticate with selected users / groups / or OUs.

Is there a setting, third party software, or better standard of pratice I should be following?

Hamm
0
Comment
Question by:aguyhamm
  • 2
4 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 21829672
Definitely not. For your own safety and that of your users.
How would a user feel if the admin would log on with the user's account and send an insulting email to management?
How would an admin feel if a user would send an insulting email to management, then claim it was the admin, 'because he's able to logon with my account'?
Standard practice is to either handle this together with the user, or to reset the password, which is an audited event and can not be hidden from the user.
There is usually no need to log on as the user.
0
 
LVL 2

Expert Comment

by:andrewjones1987
ID: 21830804
that facility is not available in Microsoft Apps
0
 

Author Comment

by:aguyhamm
ID: 21832034
We have a content server that records what users are logged into what machine, ect. So it could be proven the email did not come from the specified user.

When someone is having Exchange/Outlook/OWA issues I am looking for an easy way to check and make sure things are corrected, without having to reset a users password to see their inbox.

Is there a different way to approach this?
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 21833253
And how exactly would you "prove" this if the admin is logging on with the user's credentials?
Anyway, no, Windows does not provide any way to do so other than resetting the user's password, and it's better for you and for the user.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question