Configure Password Reset
When resetting a user's password using Active Directory Web Interface, it is also possible to unlock the user's account, force the user to change the password at next logon, send a verification code to the user's mobile phone, etc. In this tutorial you will learn how to determine which options are available to users when resetting passwords, specify which Account Options to select by default, and define how to generate the initial password.
Default value: specify a template to be used to generate a default password.
To generate passwords based on properties of the user whose password is reset, you
can use value references (e.g. %username%,
%department%). Value references will be replaced with
corresponding properties of the user account.
For example, if you use the following template: %firstname%%lastname%, the default password will consist of the first name and last name of the user whose password is reset.
Alternatively, you can configure Adaxes to generate a random password by default. For example, the following template: %adm-RandomString,12% can be used to set the default password to a random string of the length of 12 characters.
- Read-Only: if this option is selected, it will not be possible to change the default password.
- Generate: allows users to generate a random complex password that meets complexity requirements of the password policy applied to the user whose password is reset.
- Spell Out: allows viewing the new password spelled out using the phonetic alphabet.
- View Password Policy: allows viewing the password policy applied to the user whose password is reset.
- Default value: specify which Account Options you want to be selected by default when resetting a user's password.
- Read-Only: if this option is selected, it will not be possible to change the default Account Options.
Visible: select this option to completely hide the Account Options section.
If the section is hidden, default Account Options are applied.
For example, if you want to force users to change the password at next logon, you can select the User must change password at next logon option in the Default value section, and then hide Account Options.
- When resetting password for a single user, always use their Account Options by default: if this option is selected and a password is reset for a single user, the user's Account Options will be used as the default Account Options.
If the Unlock Account option is enabled, it will be possible to unlock
accounts when resetting passwords.
If the Send SMS verification code option is enabled, it will be possible to verify
the identity of the user with an SMS code.
For example, if a Help Desk operator needs to validate the user's identity before resetting a password, they can do that with the help of an SMS verification code sent to the user's mobile phone.
The option to send SMS verification codes will be available only when SMS Settings are configured for Adaxes service.
To configure SMS settings, right-click your Adaxes service in Adaxes Administration Console, click Properties in the context menu, and activate the SMS Settings tab.