Being an administrator, managing active directory for a big network means a lot of responsibilities. Amongst all the crucial tasks that administrators execute in a day, one which takes up pretty a significant quantity of time and at times truly frustrating is changing or resetting user passwords. Other than this, the aid desk guys are also busy in raising tickets for requests such as modify of user account facts and unlocking the user accounts.
A frequent query heard from Active Directory administrators is "Can anybody assist in installing the snap-in for Active Directory Users and Computers on my XP Pro (SP2) method?" or "I am tired of visiting the server every time to reset people's passwords, how do I install Active Directory Users and Personal computer snap-in, my DC is Windows Server 2000?"
From such questions, 1 thing is apparent that Active Directory Users and Computers snap-in assists administrators from the hassle of repetitive resetting of user account passwords.
So what is Active Directory Users and Computers snap-in?
Windows Server 2003 Administration Tools Pack (adminpak.msi) comes with a regular MMC snap-in console referred to as the Active Directory Users and Computers. This server management tool, permits administrators to manage Windows Server 2000 and 2003 household from remote systems. In order to use this tool, administrators are necessary to install an MSC file for AD Users and Computers along with registered DLL files (dsadmin.dll, dsuiext.dll and dsuiwiz.dll). With the assist of this console, administrators can execute Exchange particular tasks like resetting of user passwords and also manage various Exchange domains. Default "Built-in" and "User" containers present in this snap-in, aid administrators create user objects for altering user account facts.
Loopholes in AD Users and Computers snap-in
Commonly when passwords are reset employing Active Directory Users and Computers console, the following error is generated:
"Windows can not total the password alter for Userx given that:
The password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements."
The most frequent circumstances when this error message is displayed are mentioned below:
1. Password length is too brief as per the password length policy.
two. Password selected has been used much more than the number of occasions specified in the password history requirements.
three. The domain security password policy is too restrictive for the password you are trying to reset.
four. The policy is unavailable and has not been applied to the domain controller that is being applied to reset the password.
All these challenges typically take place when there are inconsistencies in the password policy settings or in the domain security settings. To resolve these concerns it is required to verify the domain security settings and identify what all password policies are not met according to the requirements. So, we see that the issue of saving time on user password reset procedure is not truly solved rather the matters get alot more complex with AD User and Computers snap-in.
Self service password reset
Isn't it just improved to pass over the controls of managing passwords and account information and facts to the end users themselves? Self Service password reset method such as Lepide Active Directory Self Service does just that. With this application, AD users can rest their own passwords, unlock their user accounts and also update their account information. And no, the administrators would nonetheless have an upper hand and security concerns would not be compromised, as only the enrolled users will be in a position to make use of this software program. Self service password reset active directory tool enables users to manage their own accounts without having sending requests to administrators, therefore saving theirs as well as administrator's time.
0 comments:
Post a Comment