  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 634

Automated Active Directory Credential Unlock/Reset

We have over 150 restaurant locations, +100 field users and +100 Corporate Office users in our company that have domain user accounts. We constantly have issues with users being locked out of their account due to excessive incorrect logins. One reason being that there is such a high turnover rate in staff at the restaurants and the other is some of these people aren't the brightest people out there. We don't really have the option of using the auto unlock feature after a set time due to security standards that must be met. It would be great if there was some automated way we could have an automated unlock request form on our website that would reset their domain password after answering a series of security questions or other security check points. I am aware that there are probably several third party solutions that are available to achieve this task. The biggest challenge faced is the same as all other companies', budget constraints. If anyone knows of any way to achieve this with either low/no additional software purchasing, I would greatly appreciate it. I don't really mind spending a lot of labor hours in the beginning to set this up if it will be pretty automated down the road.
Asked by: rza123
 
sanket_1985 Commented:
This trouble can be easily addressed by writing an ASP.NET page which will do the task.

In ASP.NET code, using the System.DirectoryServices namespace, you can easily write code that will unlock a user, provided the exact user name and domain name are available.

The following C# function will do the task.

In the arguments, the values should be supplied as follows:

path: Fully qualified LDAP path to the user you want to unlock.
loginUserName: User name with which you want to log in to the server to unlock the user named in path.
loginPassword: Password for the above user.

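            using System;
            using System.Diagnostics;
            using System.DirectoryServices;   // requires a reference to System.DirectoryServices.dll

            // Clears the lockout on the account at `path`, binding as loginUserName.
            // Returns true if the change was committed, false otherwise.
            public bool UnlockUser(string path, string loginUserName, string loginPassword)
            {
                  bool isUnlocked = false;

                  try
                  {
                        // Dispose the entry so the LDAP connection is released promptly.
                        using (DirectoryEntry thisUser = new DirectoryEntry(path, loginUserName, loginPassword))
                        {
                              // Writing 0 to lockoutTime clears the account lockout.
                              thisUser.Properties["lockoutTime"].Value = 0;
                              thisUser.CommitChanges();
                        }

                        isUnlocked = true;
                  }
                  catch (Exception ex)
                  {
                        // Bind or commit failed (bad path, bad credentials, insufficient rights).
                        // Record the failure instead of discarding it; never log the password.
                        Trace.TraceError("Unlock failed for {0}: {1}", path, ex.Message);
                  }

                  return isUnlocked;
            }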
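The question asks for an unlock that happens only after security questions are answered, and the function in the answer above performs the unlock without that check. One way to put the check in front of it, as an added example that is not part of the original answer: answers are kept as salted PBKDF2 hashes, compared in constant time, and failed attempts are counted so the form does not become a way around the lockout policy. It assumes .NET 6 or later; `UnlockGate`, `StoredAnswer`, `MayUnlock` and both limits are hypothetical names and values.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example; UnlockGate, StoredAnswer and both limits are hypothetical.
public sealed record StoredAnswer(byte[] Salt, byte[] Hash);  // no plain-text answer is kept

public sealed class UnlockGate
{
    private const int Iterations = 100_000;  // assumed PBKDF2 work factor
    private const int MaxFailures = 3;       // assumed policy; after this the help desk decides
    // In-memory stand-in for a persistent per-user failure counter.
    private readonly Dictionary<string, int> _failures = new(StringComparer.OrdinalIgnoreCase);

    // Called once when the user registers an answer.
    public static StoredAnswer Enroll(string answer)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return new StoredAnswer(salt, Derive(answer, salt));
    }

    // True only if the user is not throttled and every answer matches.
    public bool MayUnlock(string user, IReadOnlyList<StoredAnswer> stored, IReadOnlyList<string> given)
    {
        lock (_failures)
        {
            _failures.TryGetValue(user, out int failed);
            if (failed >= MaxFailures) return false;
            // An unknown user (no stored answers) fails like a wrong answer.
            bool ok = stored.Count > 0 && stored.Count == given.Count;
            // Check every answer so response time does not show which one was wrong.
            for (int i = 0; i < stored.Count && i < given.Count; i++)
                ok &= CryptographicOperations.FixedTimeEquals(
                    stored[i].Hash, Derive(given[i], stored[i].Salt));
            _failures[user] = ok ? 0 : failed + 1;
            return ok;
        }
    }

    private static byte[] Derive(string answer, byte[] salt)
    {
        // Normalize so "Rex " and "rex" are treated as the same answer.
        string normalized = (answer ?? "").Trim().ToLowerInvariant();
        return Rfc2898DeriveBytes.Pbkdf2(normalized, salt, Iterations, HashAlgorithmName.SHA256, 32);
    }
}
```

The page would call `UnlockUser` only when `MayUnlock` returns true, with the account used for the bind read from server-side configuration rather than from the form.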
 
ChandarS Commented:
Hi,
You can also download ADSelfService Plus to perform the automatic password reset task.
http://www.manageengine.com/products/self-service-password/active-directory-password-reset-gina-credential-provider.html
This software is available as a 30-day trial.

Regards,
Chandar Singh
 
rza123 (Author) Commented:
I will give both of these solutions a try when I get back in the office tomorrow morning. More than likely, the third party app may work better since all of our intranet pages are password protected and we do not have any web sites out on the internet that are accessible without VPN access, which would require the user to enter their domain credentials.
 
rza123 (Author) Commented:
I wasn't able to use either solution in our environment but it wasn't because these were not viable solutions.