Active Directory management & automation

Tutorials

Configure Password Reset

When resetting a user's password using Active Directory Web Interface, it is also possible to unlock the user's account, force the user to change the password at next logon, send a verification code to the user's mobile phone, etc. In this tutorial you will learn how to determine which options are available to users when resetting passwords, specify which Account Options to select by default, and define how to generate the initial password.

On the computer, where the Web Interface is installed, start the Web Interface Customization tool.


In the Interface type drop-down list, select the Web Interface you want to configure.



Activate the AD Management tab and click Customize Operations.



Select Reset Password in the Operations list and customize the operation on the Operation Configuration tab located to the right.

New Password

  • Default value: specify a template to be used to generate a default password. To generate passwords based on properties of the user whose password is reset, you can use value references (e.g. %username%, %department%). Value references will be replaced with corresponding properties of the user account.

    For example, if you use the following template: %firstname%%lastname%, the default password will consist of the first name and last name of the user whose password is reset.

    Alternatively, you can configure Adaxes to generate a random password by default. For example, the following template: %adm-RandomString,12% can be used to set the default password to a random string of the length of 12 characters.
  • Read-Only: if this option is selected, it will not be possible to change the default password.

Available Actions

  • Generate: allows users to generate a random complex password that meets complexity requirements of the password policy applied to the user whose password is reset.
  • Spell Out: allows viewing the new password spelled out using the phonetic alphabet.
  • View Password Policy: allows viewing the password policy applied to the user whose password is reset.

Account Options

  • Default value: specify which Account Options you want to be selected by default when resetting a user's password.
  • Read-Only: if this option is selected, it will not be possible to change the default Account Options.
  • Visible: select this option to completely hide the Account Options section. If the section is hidden, default Account Options are applied.

    For example, if you want to force users to change the password at next logon, you can select the User must change password at next logon option in the Default value section, and then hide Account Options.

  • When resetting password for a single user, always use their Account Options by default: if this option is selected and a password is reset for a single user, the user's Account Options will be used as the default Account Options.

Additional Operations

  • If the Unlock Account option is enabled, it will be possible to unlock accounts when resetting passwords.


  • If the Send SMS verification code option is enabled, it will be possible to verify the identity of the user with an SMS code.

    For example, if a Help Desk operator needs to validate the user's identity before resetting a password, they can do that with the help of an SMS verification code sent to the user's mobile phone.


    The option to send SMS verification codes will be available only when SMS Settings are configured for Adaxes service.

    To configure SMS settings, right-click your Adaxes service in Adaxes Administration Console, click Properties in the context menu, and activate the SMS Settings tab.
Users can also reset passwords from the Home Page. By default, the settings of the Reset Password operation are also applied to Home Page Actions, however you can configure each Home Page Action differently. For more details, see Reset Password.
back to top

Delegating Permissions

Hide Active Directory objects from users
Grant rights to create users
Grant rights to modify account options
Allow managers to manage their teams
Grant rights to modify AD group membership
Grant rights to reset passwords and unlock accounts
Grant rights to create and modify Business Units
Deny rights to delete users
Grant rights to execute Custom Commands
Grant rights to modify specific properties of AD objects
Grant rights to move users between OUs
Grant permissions to perform Exchange tasks
Grant permissions to perform Office 365 management tasks

Automating Daily Tasks

Automate user home directory creation
Relocate home directories after disabling users
Automatically add users to groups by department
Add users to a specific group when they are disabled
Automatically change group membership using scripts
Move newly created users to a specific OU
Request approval for user deletion
Run PowerShell script after creating a user
Automate Exchange mailbox creation for new users
Automate Exchange mailbox configuration
Automatically assign Office 365 Licenses
Automatically enable users for Lync
Schedule tasks for AD management
Automatically set profile path for Remote Desktop Services
Send e-mail on adding members to specific groups
Send initial password to newly created users via SMS
Delete inactive computers from Active Directory
Automatically deprovision inactive AD users

Simplifying Data Entry

Auto-populate the company name when creating users
Change template for auto-generating user full name
Specify list of departments to avoid repetitive typing
Disallow specifying telephones without country code
Make Employee ID a required property & specify its format
Set default account options for new users
Validate/modify user input using a script
Predefine selection of Exchange mailbox stores
Automatically set account expiration date for new users
Generate initial password on user creation
Automatically set users' address based on their office
Provide custom help and tips for AD object properties

Active Directory Management

View & manage AD objects collectively
Create a Custom Command
Rename multiple AD users with one operation
Reset passwords for multiple users
Import user accounts from a CSV file
Schedule import of users from a CSV file
Modify Remote Desktop Services settings in bulk
Update user account options in bulk
Update multiple AD objects using PowerShell
View AD operations performed via Adaxes
Manage Fine-Grained Password Policies
Configure user deprovisioning
Manage and automate Office 365
Group AD objects based on logged in user

Web Interface Customization

Set custom logo and colors
Customize forms for user creation and editing
Customize Sign-In page and logon name options
Prevent users from viewing the Active Directory structure
Allow/deny access to the Web Interface
Disallow certain operations on Active Directory objects
Customize the Home page
Configure Home page actions
Configure the Active Directory pane
Customize Active Directory search
Configure Exchange tasks
Configure password reset
Put a custom message on the Change Password form
Hide specific Active Directory reports
Disable specific Web Interface components
Select the AD object types to be displayed in the UI
Manage Active Directory objects of a custom type
Configure columns in Active Directory object lists
Allow using templates for user creation
Customize Help and Support links
Prevent brute force attacks

Self-Service

Configure Password Self-Service
Autoenroll users for Self-Password Reset
Allow users to modify specific properties of their accounts
Request approval for Self-Password Reset
? Waiting

Progress status: Checking...

Information

Open Live Demo