Another option is to store the secret question/answer in the AD object, itself. You can easily create new attributes for user objects and then limit access to those attributes. That way, only an admin, or your CF service account, would have access to view the question/answer attribute. This would keep all the information in a single place. You can reset the password using a few methods, listed in order of easy to not-so-easy. 1. CFEXECUTE using "NET USER". Basically, you run a command line program that changes the password of the domain account. In a command prompt, type "net user /?" for more information. 2. Create/Use a VB/COM/.NET object to change the password via ADSI. 3. Connect ColdFusion's CFLDAP tag to AD using SSL. Then, you should be able to use the unicodePwd attribute to set the password. (I have never attempted this, but I think it's possible.) It is also common to send an email message to a secondary email address that could be stored in the AD user object, as well. The main consideration is making sure that you require information that only one person may know. Mike
_____ From: Alejandro Reyes [mailto:[email protected]] Sent: Thu 4/30/2009 9:00 PM To: cf-talk Subject: Self Serve Password reset tool to users stored in AD I have a new project that I am being asked to create a self serve password reset tool for an intranet and the user info is stored in AD. I plan on having the users store answers to secret questions in a mySql DB and once the user authenticates using the secret question method forcing the user to update the AD password. Is this the best approach? Does anyone have any examples or suggestions? I am new to Coldfusion and coldfusion is the preferable solution but I am open to anything else. Thank you Alejandro ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322097 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
