Active Directory management & automation

Configure Password Reset

When resetting a user's password using Active Directory Web Interface, it is also possible to unlock the user's account, force the user to change the password at next logon, send a verification code to the user's mobile phone, etc. In this tutorial you will learn how to determine which options are available to users when resetting passwords, specify which Account Options to select by default, and define how to generate the initial password.

On the computer, where the Web Interface is installed, start the Web Interface Customization tool.

In the Interface type drop-down list, select the Web Interface you want to configure.

Activate the AD Management tab and click Customize Operations.

Select Reset Password in the Operations list and customize the operation on the Operation Configuration tab located to the right.

New Password

  • Default value: specify a template to be used to generate a default password. To generate passwords based on properties of the user whose password is reset, you can use value references (e.g. %username%, %department%). Value references will be replaced with corresponding properties of the user account.

    For example, if you use the following template: %firstname%%lastname%, the default password will consist of the first name and last name of the user whose password is reset.

    Alternatively, you can configure Adaxes to generate a random password by default. For example, the following template: %adm-RandomString,12% can be used to set the default password to a random string of the length of 12 characters.
  • Read-Only: if this option is selected, it will not be possible to change the default password.

Available Actions

  • Generate: allows users to generate a random complex password that meets complexity requirements of the password policy applied to the user whose password is reset.
  • Spell Out: allows viewing the new password spelled out using the phonetic alphabet.
  • View Password Policy: allows viewing the password policy applied to the user whose password is reset.

Account Options

  • Default value: specify which Account Options you want to be selected by default when resetting a user's password.
  • Read-Only: if this option is selected, it will not be possible to change the default Account Options.
  • Visible: select this option to completely hide the Account Options section. If the section is hidden, default Account Options are applied.

    For example, if you want to force users to change the password at next logon, you can select the User must change password at next logon option in the Default value section, and then hide Account Options.

  • When resetting password for a single user, always use their Account Options by default: if this option is selected and a password is reset for a single user, the user's Account Options will be used as the default Account Options.

Additional Operations

  • If the Unlock Account option is enabled, it will be possible to unlock accounts when resetting passwords.

  • If the Send SMS verification code option is enabled, it will be possible to verify the identity of the user with an SMS code.

    For example, if a Help Desk operator needs to validate the user's identity before resetting a password, they can do that with the help of an SMS verification code sent to the user's mobile phone.

    The option to send SMS verification codes will be available only when SMS Settings are configured for Adaxes service.

    To configure SMS settings, right-click your Adaxes service in Adaxes Administration Console, click Properties in the context menu, and activate the SMS Settings tab.

Users can also reset passwords from the Home Page. By default, the settings of the Reset Password operation are also applied to Home Page Actions, however you can configure each Home Page Action differently. For more details, see Reset Password.
? Waiting

Progress status: Checking...