0 votes

Hi,

We are a European branch of a US company, our Exchange server is in US and talks to the US DC.

This leads to the situation that when our helpdesk resets a password, in order to make the reset effective immediately for the user, they need to perform the reset for internal users on the local DC and for external users on the US DC.

Would there be any way to have the team choose the DC to perform the reset on when resetting passwords through web UI? Even better would be if it could be scripted based on OU the user resides in.

Thanks!

by (970 points)

1 Answer

0 votes
by (215k points)
selected by
Best answer

Hello,

There is no such possibility. As a workaround, you can install an instance of Adaxes service and Web Interface in each site. In this case, the Web Interfaces will connect to the closest service, and the services will connect to the nearest available DCs, making password change effective immediately.

The Adaxes Services, in their turn, can share a common configuration. This means that you do not need to configure each service separately. A change in the configuration of one of the services will be replicated to the other ones immediately. Also, when configuration is shared, you can use one license for all the service instances that share the configuration. For information on how to share configuration between services, have a look at the following help article: http://www.adaxes.com/help/?HowDoI.Mana ... ation.html.

Finally, you can configure your DNS so that all the Web Interfaces have the same address, but users will be redirected to the necessary Web interface server depending on which site they are in.

0

Thanks, while that approach might work for other situations, for what I am trying to accomplish it seems a bit too convoluted.

Right now I am trying the following:

- Created a business rule that triggers after a password reset is done
- Added a PowerShell script action that sets the password for the user on the US DC using Set-ADAccountPassword with the -Server parameter pointing to the US DC

Now I am running into the issue that when I value reference the AD object the reset is done for (I tried both %username% and %sAMAccountName%) I get

The term 'Set-ADAccountPassword' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

If I specify a specific account manually instead of the value reference the command works, could you point me in direction to troubleshoot this please?

0

Update:

I now cannot replicate the command succeeding when specifying the account directly instead of using value reference so please disregard my comment about that.

I tried now also with the Set-AdmAccountPassword command but same result, this is the code I am using:

Set-AdmAccountPassword -Identity %sAMAccountName% -Reset -NewPassword (ConvertTo-SecureString -AsPlainText %unicodePwd% -Force) -Server ourdc.ourdomain.com
0

Hello,

Adaxes uses PowerShell 2.0, so you need to import PowerShell modules explicitly:

Import-Module Adaxes

Set-AdmAccountPassword -Identity "%sAMAccountName%" -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "%unicodePwd%" -Force) -Server ourdc.ourdomain.com

Note, however, that such an approach can cause issues when Active Directory performs password replication. We strongly do not recommend it.

0

Thanks for the explanation and warning, did not consider that.

Resolved it now by adding a home page action that triggers a custom command on the user object; in the custom command I use PowerShell code to reset the password on the appropriate DC based on the OU the user account is located in. This works now.

Thanks for the help!
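
The approach described in the last comment, sketched as an added example (not code from this thread or from Adaxes): it maps the user's OU to one DC and performs a single reset there with Set-ADAccountPassword -Server. The OU paths, DC host names and function names are hypothetical, and the password is passed in as a SecureString rather than pasted into the script text.

```powershell
# Added example; OU paths, DC host names and function names are hypothetical.
Import-Module ActiveDirectory   # PowerShell 2.0 does not auto-load modules

# OU suffix -> DC that should receive the reset (placeholders).
$DcByOu = @(
    @{ Suffix = 'OU=External,OU=Users,DC=example,DC=com'; Server = 'us-dc01.example.com' },
    @{ Suffix = 'OU=Users,DC=example,DC=com';             Server = 'eu-dc01.example.com' }
)
$DefaultDc = 'eu-dc01.example.com'

function Get-ResetTargetDc {
    param([string]$DistinguishedName)
    $best = $null
    foreach ($entry in $DcByOu) {
        # Match on a component boundary so 'OU=Users' never matches 'OU=PowerUsers'.
        $isMatch = $DistinguishedName.EndsWith(',' + $entry.Suffix,
                                               [StringComparison]::OrdinalIgnoreCase)
        # Prefer the longest (most specific) matching OU suffix.
        if ($isMatch -and (($best -eq $null) -or
                           ($entry.Suffix.Length -gt $best.Suffix.Length))) {
            $best = $entry
        }
    }
    if ($best) { return $best.Server }
    return $DefaultDc
}

function Reset-PasswordOnSiteDc {
    param(
        [string]$SamAccountName,
        [System.Security.SecureString]$NewPassword
    )
    # Resolve the DN, then write the password once, on the selected DC only.
    $user   = Get-ADUser -Identity $SamAccountName
    $server = Get-ResetTargetDc -DistinguishedName $user.DistinguishedName
    Set-ADAccountPassword -Identity $user.DistinguishedName -Reset `
        -NewPassword $NewPassword -Server $server
    return $server
}

# Constructed sample DNs: check the OU-to-DC mapping without touching AD.
Get-ResetTargetDc 'CN=Jane Doe,OU=External,OU=Users,DC=example,DC=com'
Get-ResetTargetDc 'CN=John Roe,OU=Sales,OU=Users,DC=example,DC=com'
```

A caller can obtain the SecureString with Read-Host -AsSecureString. Taking it as a parameter keeps characters such as `$`, a backtick or a double quote in the password from being interpreted by PowerShell, which happens when the plaintext is placed inside a double-quoted string.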
