Solved

Allowing users to reset other peoples password w/o logging into ADUC

Posted on 2016-11-23
4
59 Views
Last Modified: 2016-11-28
I gave several department supervisors the ability to reset their departments password by using Delegated Permissions.  Is there a tool they can use on their desktop to reset the passwords without having to RDP into the AD server?

Server 2012
0
Comment
Question by:Larry Kiterling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Expert Comment

by:Jeff Dunn
ID: 41899562
The best solution for this is from ManageEngine. Called ADManager plus it will do so much more than the delegation and compliance will be happy because you will be removing the ability to have the delegates go into AD directly. You could also allow the end users to self service with another product of theirs called AD Self service plus.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 41899905
If RSAT Tools are installed on their workstations they can use ADUC on their machine without having to RDP to another machine.

You could also write a PowerShell script to reset the password.  It's easier if they have the RSAT tools installed locally because then they have immediate access to the AD cmdlets.
Import-Module ActiveDirectory
$uname = Read-Host "Enter username"
Set-ADAccountPassword -Identity $uname -NewPassword (Read-Host -AsSecureString "New Password") -Reset

Open in new window


If RSAT tools are installed locally, you can use the techniques shown in this link to get access to the AD cmdlets through another machine.
https://blogs.technet.microsoft.com/ashleymcglone/2013/06/27/how-to-use-the-2012-active-directory-powershell-cmdlets-from-windows-7/
0
 
LVL 13

Expert Comment

by:Ajit (Kevin k)
ID: 41900435
You can use PowerShell for this: http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/
Users can use text messages to reset their password. Their phone is linked to their account which provides an extra layer of security.

Another option, you can use third party applications, like:

Lepide Active Directory Self Service

Quest Password Manager

Hope this helps!
0
 
LVL 40

Expert Comment

by:footech
ID: 41904594
If RSAT tools are installed locally...
BTW, that should read, "If RSAT tools aren't installed locally..."
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question