?
Solved

AD Password Management using SharePoint 2010

Posted on 2012-08-22
11
Medium Priority
?
696 Views
Last Modified: 2012-09-21
We have SharePoint 2010 installed and users login using AD accounts.  We have recently added a very nice webpart that allows them to change their passwords whenever they want, but of course they have to already be in SharePoint to use it.

I'm looking for one more thing to add to the installation: a force password change dialog.

If a remote user logs in after their password expires, I'd like for SharePoint prompt them to change it before proceeding.  Or if they call me for a password reset (if they've forgotten their password), I'd like to be able to force them to change their temporary password at first logon.

I'm guessing these would be the same thing, but I could be wrong about that.

Thanks,
Jono
0
Comment
Question by:Jono Martin
  • 4
6 Comments
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38321652
Please look into this solution.

http://userchangepassword.codeplex.com/
0
 

Author Comment

by:Jono Martin
ID: 38336390
Thanks for the link, yagyashree.  I'll take a look at it and then get back on here.  I've been out since last Wednesday; that's why it's taken me this long to comment.

Jono
0
 

Author Comment

by:Jono Martin
ID: 38336449
Hi yagyashree - It looks like the webpart from your link is just a change password webpart.  I actually already have one of those in place.

I'm looking for a force password change dialog.

If a remote user logs in after their password expires, I'd like for SharePoint prompt them to change it before proceeding.  Or if they call me for a password reset (if they've forgotten their password), I'd like to be able to force them to change their temporary password at first logon.

I'm guessing these would be the same thing, but I could be wrong about that.

Thanks,
Jono
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:Andrew Derse
ID: 38389037
The users logging in to the site don't login to their machines using the same AD accounts?  

If they did, then the computer would prompt them...not the site...just a thought.
0
 

Author Comment

by:Jono Martin
ID: 38391518
Kernel_Recovery_Tools -
Is the procedure you posted for automatically changing a user's password and then sending it to them?  I'd like something that will force them to change their password rather than just giving them one.

Here's a scenario that might better explain what I'm looking for...

What's happening now:
A user uses a non-domain computer to log into SharePoint with his AD account.  His password is expired so he is denied access to SharePoint.

What I'd like to happen:
A user uses a non-domain computer to log into SharePoint with his AD account.  His password is expired so when he attempts to log into SharePoint, he's presented with a dialog that tells him his password is expired and then prompts him to change it.  He changes it and is then able to access SharePoint.

The remote users of our SharePoint site use non-domain computers, but they log in with AD accounts.

Jono
0
 

Accepted Solution

by:
Jono Martin earned 0 total points
ID: 38405673
Thanks for that, Kernel_Recovery_Tools.

It looks like this tool would have to be made available online, perhaps on the login page of SharePoint.  I'll send this up the financial flagpole and see where it goes.  That takes a while and I don't want to keep this open, so I'll award points for what appears to be a good solution.

Thanks again,
Jono
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question