Solved

Allowing users to reset other peoples password w/o logging into ADUC

Posted on 2016-11-23
4
57 Views
Last Modified: 2016-11-28
I gave several department supervisors the ability to reset their departments password by using Delegated Permissions.  Is there a tool they can use on their desktop to reset the passwords without having to RDP into the AD server?

Server 2012
0
Comment
Question by:Larry Kiterling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Expert Comment

by:Jeff Dunn
ID: 41899562
The best solution for this is from ManageEngine. Called ADManager plus it will do so much more than the delegation and compliance will be happy because you will be removing the ability to have the delegates go into AD directly. You could also allow the end users to self service with another product of theirs called AD Self service plus.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 41899905
If RSAT Tools are installed on their workstations they can use ADUC on their machine without having to RDP to another machine.

You could also write a PowerShell script to reset the password.  It's easier if they have the RSAT tools installed locally because then they have immediate access to the AD cmdlets.
Import-Module ActiveDirectory
$uname = Read-Host "Enter username"
Set-ADAccountPassword -Identity $uname -NewPassword (Read-Host -AsSecureString "New Password") -Reset

Open in new window


If RSAT tools are installed locally, you can use the techniques shown in this link to get access to the AD cmdlets through another machine.
https://blogs.technet.microsoft.com/ashleymcglone/2013/06/27/how-to-use-the-2012-active-directory-powershell-cmdlets-from-windows-7/
0
 
LVL 12

Expert Comment

by:Ajit (Kevin k)
ID: 41900435
You can use PowerShell for this: http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/
Users can use text messages to reset their password. Their phone is linked to their account which provides an extra layer of security.

Another option, you can use third party applications, like:

Lepide Active Directory Self Service

Quest Password Manager

Hope this helps!
0
 
LVL 40

Expert Comment

by:footech
ID: 41904594
If RSAT tools are installed locally...
BTW, that should read, "If RSAT tools aren't installed locally..."
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question