Solved

Allowing users to reset other peoples password w/o logging into ADUC

Posted on 2016-11-23
4
47 Views
Last Modified: 2016-11-28
I gave several department supervisors the ability to reset their departments password by using Delegated Permissions.  Is there a tool they can use on their desktop to reset the passwords without having to RDP into the AD server?

Server 2012
0
Comment
Question by:Larry Kiterling
  • 2
4 Comments
 

Expert Comment

by:Jeff Dunn
ID: 41899562
The best solution for this is from ManageEngine. Called ADManager plus it will do so much more than the delegation and compliance will be happy because you will be removing the ability to have the delegates go into AD directly. You could also allow the end users to self service with another product of theirs called AD Self service plus.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 41899905
If RSAT Tools are installed on their workstations they can use ADUC on their machine without having to RDP to another machine.

You could also write a PowerShell script to reset the password.  It's easier if they have the RSAT tools installed locally because then they have immediate access to the AD cmdlets.
Import-Module ActiveDirectory
$uname = Read-Host "Enter username"
Set-ADAccountPassword -Identity $uname -NewPassword (Read-Host -AsSecureString "New Password") -Reset

Open in new window


If RSAT tools are installed locally, you can use the techniques shown in this link to get access to the AD cmdlets through another machine.
https://blogs.technet.microsoft.com/ashleymcglone/2013/06/27/how-to-use-the-2012-active-directory-powershell-cmdlets-from-windows-7/
0
 
LVL 10

Expert Comment

by:Kevin k
ID: 41900435
You can use PowerShell for this: http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/
Users can use text messages to reset their password. Their phone is linked to their account which provides an extra layer of security.

Another option, you can use third party applications, like:

Lepide Active Directory Self Service

Quest Password Manager

Hope this helps!
0
 
LVL 39

Expert Comment

by:footech
ID: 41904594
If RSAT tools are installed locally...
BTW, that should read, "If RSAT tools aren't installed locally..."
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question