If you want to learn the basics of how to connect to UMRA through its COM object, please see my original post on “Basics of UMRA COM”.
UMRA – Reset Active Directory Password From Web
Like most schools and businesses, you have users who forget their passwords and need to call the help desk to get them changed; it is a daily occurrence. In most cases the user has multiple logins for different applications, so changing those other application passwords can mean emailing different departments, or different vendors, to get them changed. As you know, this is very time consuming and there is a lot of overhead in resetting all these passwords, so is there a way to combine all these password reset requests into one workflow? Yes, with UMRA you can.

Keep in mind that there are limitations in this process: if your application does not have an API, a COM object or some other method to connect to it, you might be out of luck. Like most enterprise software, however, you usually have some way to connect to these systems. So how do I reset these passwords, you ask? Easy: UMRA has the ability to connect to MSSQL, MySQL, Oracle, Access... really any ODBC compliant database. UMRA also has the ability to use Microsoft Windows PowerShell, and you can create your own Windows PowerShell actions and import them into UMRA. So with UMRA you are not limited to the functions that are built in; you can make your own custom password reset functions.

OK, so let's get down to it. I will go over, at a high level, how you would go about creating a script that can reset the Active Directory password and the passwords in other downstream systems at the same time. First, before you start this process, you should read the documentation for your downstream systems and see whether they have the ability to call an API, a COM object, etc. to reset a password.
Step 1
Create a UMRA project that takes a parameter such as a username, account ID, etc. This project needs to be able to pass the correct identifier to Active Directory and to your downstream applications. For example, if the users in your other application are marked with a special ID, you will need to link those IDs to the accounts in Active Directory. In most cases, if you're lucky, the account name in Active Directory will be the same ID the user has in the downstream system.
Step 2
Now that you have a link between the user in Active Directory and your other application, the first step should be to change the password in AD, then in your other application. Changing the password for your user in Active Directory is the simple part; changing your application's password is where this will vary. Depending on your app, you may need to call a command line function from UMRA for an AS400 system, call a VBScript, etc.
Step 3
Now that you have your UMRA project built, you can build a simple ASP, PHP, .NET, etc. webpage to search for users, with a hyperlink that calls the UMRA COM object to fire off your project. (If you need help with this, see my other blog posts.)
So there you go: as you can see, some very simple steps for changing passwords in Active Directory and other systems. This is a great way to keep all user passwords in sync.
Blog Update July 26th 2009
So you might notice on a few of your favorite blogs that I am updating them with some new and fresh content. Why, you ask? I am trying to give more detail on how to do these tasks, and expand on the high level overview I typically give in my blogs. I've also noticed over the last month or so that this topic has been getting quite a few hits, so I figured I would update it some. So let's dig a little deeper into some of the tips on how to do this from the web, and some of the tricks for linking all this up.
UMRA – Reset Active Directory Passwords
Now some of you might be wondering what UMRA actually does to change the user account in Active Directory, and how. UMRA runs its service under an Active Directory account that has domain admin rights. So if you were to reset a user's password to something that did not meet your Active Directory password complexity policy, it would throw back an error.

Just like I mentioned above, when I do my UMRA Portal password resets I always have an "errorflag" variable set. It starts off at the value "0", and if any part of my script throws an error, I have it GOTO the error portion of my script, which in turn sets the "errorflag" variable to the value "1". In your UMRA PHP, ASP or .NET webpage you just check the returned errorflag variable: if it is equal to 0, you know there was no error in the script and the user's password was changed; if it is set to 1, something went wrong in the script. Since you pass this script two parameters, the samaccountname of the user you want to change and the password, you know you will find the user in Active Directory (unless someone just deleted the user), so the error must be on the password change. So if the user enters something that does not meet your Active Directory password complexity policy, it will throw an error trying to set the password.

In some cases you can get even more fancy. If you want to throw an error just in case it is a username error, you can have your script drop down to a different part of the script and change the "errorflag" value to "2" instead of 1. Then in your UMRA PHP, ASP or .NET webpage you would check which number it is equal to; if it is 2, you know there was an error finding the user, and you would kick back a response like "Could not connect to user" or something like that.
As I talked about in the top part of this blog, not only can you change passwords in Active Directory, but you can also change passwords in other systems if you have the right permissions. Permissions? Yes: if your other application, such as an AS400, allows remote password changes to be sent to it, then you can do it, but if you have firewall blocks, software blocks, etc., you might run into a little trouble changing these passwords. You can follow the same logic I gave above to integrate some really nice error handling. Then on your webpage you can tell whether you changed your user's Active Directory password successfully, and then make sure you changed the user's AS400 password successfully. If both were successful, you have just synced both passwords in two different systems.
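As an added example (this is not code from the post, from UMRA or from Tools4Ever), here are the three steps from the top of the blog and the errorflag scheme just described modelled in Python. Everything in it is a constructed stand-in: the directory, the AS400 store, the link table and the "UMRA project" are in-memory objects rather than a real Active Directory, AS400 or UMRA COM call, and the complexity check is a simplified model of the Windows default rules under an assumed typical domain policy. What it shows is the control flow, the 0/1/2 contract the web page checks, and one refinement: the downstream link is resolved before either password is touched, so a missing link cannot leave AD changed and the AS400 untouched.

```python
"""Model of the web-to-UMRA password reset workflow described in this post.

Everything here is a constructed stand-in (assumption): the directory, the
AS400 user store and the UMRA project itself are in-memory Python objects,
not a real Active Directory, AS400 or UMRA COM call. What it shows is the
control flow and the errorflag contract the web page checks:
    0 = password changed everywhere
    1 = Active Directory rejected the password (complexity policy)
    2 = the user could not be found / linked
"""
import re

# Constructed sample directory, keyed by samaccountname. Not real accounts.
AD_USERS = {
    "jdoe": {"display_name": "John Doe", "password": "OldPass#1"},
    "asmith": {"display_name": "Alice Smith", "password": "Spring2009!"},
}

# Constructed downstream (AS400-style) store keyed by its own user ID,
# plus the link table from Step 1 that maps AD accounts to those IDs.
AS400_USERS = {"U1001": {"password": "OLDPW1"}, "U1002": {"password": "OLDPW2"}}
AD_TO_AS400 = {"jdoe": "U1001", "asmith": "U1002"}


class UserNotFound(Exception):
    """Raised when the AD account or its downstream link is missing."""


class PasswordRejected(Exception):
    """Raised when the new password fails the (modelled) domain policy."""


def meets_ad_complexity(samaccountname, display_name, password, min_length=7):
    """Simplified model of the Windows default complexity rules (assumption:
    a typical domain policy). Real policies differ; the point is that AD,
    not the web page, is the authority that rejects the password."""
    if len(password) < min_length:
        return False
    lowered = password.lower()
    if samaccountname.lower() in lowered:
        return False
    # Windows also rejects any display-name token longer than two characters.
    for token in re.split(r"[\s,.\-_#]+", display_name):
        if len(token) > 2 and token.lower() in lowered:
            return False
    categories = sum(
        bool(re.search(pattern, password))
        for pattern in (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    )
    return categories >= 3  # three of the four ASCII character classes


def link_downstream_id(samaccountname):
    """Step 1: resolve the AD account to the downstream identifier before
    touching either system, so a missing link cannot leave AD changed and
    the AS400 untouched."""
    if samaccountname not in AD_USERS or samaccountname not in AD_TO_AS400:
        raise UserNotFound(samaccountname)
    as400_id = AD_TO_AS400[samaccountname]
    if as400_id not in AS400_USERS:
        raise UserNotFound(samaccountname)
    return as400_id


def set_ad_password(samaccountname, password):
    """Stand-in for the AD password set; raises like the directory would."""
    user = AD_USERS[samaccountname]
    if not meets_ad_complexity(samaccountname, user["display_name"], password):
        raise PasswordRejected("password does not meet domain complexity policy")
    user["password"] = password


def set_as400_password(as400_id, password):
    """Stand-in for the downstream change (command line, VBScript, etc.)."""
    AS400_USERS[as400_id]["password"] = password


def umra_reset_project(samaccountname, password):
    """Stand-in for the UMRA project: two input parameters, one errorflag out."""
    errorflag = 0
    try:
        as400_id = link_downstream_id(samaccountname)
        set_ad_password(samaccountname, password)  # Step 2: AD first...
        set_as400_password(as400_id, password)     # ...then the downstream system
    except UserNotFound:
        errorflag = 2  # the post's "username error" branch
    except PasswordRejected:
        errorflag = 1  # the post's default error branch
    return errorflag


# What the ASP/PHP/.NET page shows for each errorflag value.
MESSAGES = {
    0: "Password changed in Active Directory and the AS400.",
    1: "The new password does not meet the password policy.",
    2: "Could not connect to user.",
}


def web_reset_handler(samaccountname, password):
    """Step 3: the web page calls the project and maps errorflag to a message."""
    errorflag = umra_reset_project(samaccountname, password)
    return errorflag, MESSAGES.get(errorflag, "Unknown error")


if __name__ == "__main__":
    for account, new_pw in (("jdoe", "Winter2009!"), ("asmith", "short"), ("nobody", "Winter2009!")):
        print(account, web_reset_handler(account, new_pw))
```

Two things worth noticing when you wire this up for real: the web page never decides whether a password is acceptable, it only relays the directory's verdict through errorflag; and because the link lookup runs first, a "2" result guarantees that neither system was modified, which is what lets the page tell the user to retry safely.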