Solved

Allowing users to reset other people's passwords w/o logging into ADUC

Posted on 2016-11-23
Last Modified: 2016-11-28
I gave several department supervisors the ability to reset their department's passwords by using Delegated Permissions. Is there a tool they can use on their desktop to reset the passwords without having to RDP into the AD server?

Server 2012
Question by:Larry Kiterling
4 Comments
 

Expert Comment

by:Jeff Dunn
ID: 41899562
The best solution for this is from ManageEngine. Called ADManager Plus, it will do so much more than the delegation, and compliance will be happy because you will be removing the ability to have the delegates go into AD directly. You could also allow the end users to self-service with another product of theirs called AD Self Service Plus.
0
 
LVL 40

Accepted Solution

by:
footech earned 2000 total points
ID: 41899905
If RSAT Tools are installed on their workstations they can use ADUC on their machine without having to RDP to another machine.

You could also write a PowerShell script to reset the password.  It's easier if they have the RSAT tools installed locally because then they have immediate access to the AD cmdlets.
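# Requires the ActiveDirectory module (installed with the RSAT tools)
Import-Module ActiveDirectory
$uname = Read-Host "Enter username"
# -Reset sets a new password without the old one; the new password is read as a SecureString
Set-ADAccountPassword -Identity $uname -NewPassword (Read-Host -AsSecureString "New Password") -Reset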



If RSAT tools are installed locally, you can use the techniques shown in this link to get access to the AD cmdlets through another machine.
https://blogs.technet.microsoft.com/ashleymcglone/2013/06/27/how-to-use-the-2012-active-directory-powershell-cmdlets-from-windows-7/
0
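A fuller version of the reset script described in the accepted solution, as an added example that is not part of the original answer: it checks that the target account sits under the supervisor's delegated OU before resetting, and forces a password change at next logon so the supervisor does not keep knowing the user's password. The function name Reset-DepartmentPassword and the OU path are hypothetical, and it assumes the delegation also allows forcing a password change at next logon.

```powershell
# Added example, not the answerer's code. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: placeholder DN of the OU this supervisor was delegated on.
$AllowedOU = 'OU=Sales,DC=example,DC=com'

function Reset-DepartmentPassword {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][string]$DelegatedOU
    )

    # Resolve the account first; a typo fails here instead of at the reset.
    $user = Get-ADUser -Identity $SamAccountName -ErrorAction Stop

    # The AD ACL is the real control. This check only gives a clear, early
    # error when the account is outside the delegated OU.
    $suffix = ",$DelegatedOU"
    $inScope = $user.DistinguishedName.EndsWith(
        $suffix, [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inScope) {
        throw "$($user.SamAccountName) is not under $DelegatedOU; no reset attempted."
    }

    # Read the temporary password as a SecureString so it is never echoed.
    $newPassword = Read-Host -AsSecureString -Prompt "Temporary password for $($user.SamAccountName)"

    # ConfirmImpact 'High' makes PowerShell ask before changing anything.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Reset password')) {
        Set-ADAccountPassword -Identity $user -NewPassword $newPassword -Reset -ErrorAction Stop
        # The user must pick a new password at the next logon.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        Write-Host "Password reset for $($user.SamAccountName); change required at next logon."
    }
}

$target = Read-Host 'Enter username'
Reset-DepartmentPassword -SamAccountName $target -DelegatedOU $AllowedOU
```

Run it with -WhatIf appended to the last line to see which account would be affected without changing it.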
 
LVL 14

Expert Comment

by:Ajit Singh
ID: 41900435
You can use PowerShell for this: http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/
Users can use text messages to reset their password. Their phone is linked to their account which provides an extra layer of security.

Another option, you can use third party applications, like:

Lepide Active Directory Self Service

Quest Password Manager

Hope this helps!
0
 
LVL 40

Expert Comment

by:footech
ID: 41904594
If RSAT tools are installed locally...
BTW, that should read, "If RSAT tools aren't installed locally..."
0
