We use AD Manager here but, not for password resets. We use Delegation to control which OUs passwords can be reset in and who can reset them.
Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory & Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: [email protected]<mailto:[email protected]> Office: 610.550.3595 | Mobile: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [cid:[email protected]] From: [email protected] [mailto:[email protected]] On Behalf Of Maglinger, Paul Sent: Wednesday, October 02, 2013 8:35 AM To: '[email protected]' Subject: RE: [NTSysADM] AD Password reset tool - Need a recommendation Not fully everything you mention, but ADManager isn't bad for a 3rd party tool. Can't something like this be set up in GPO? -Paul From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jon D Sent: Wednesday, October 02, 2013 7:04 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] AD Password reset tool - Need a recommendation Upper management wants our helpdesk staff to be able to reset users AD passwords. I'm wondering what tool other people use for this type of situation. These staff can't be trusted very much IMO, in general they don't seem to care about security. Ideally I would like something with an audit trail, something that can block out certain accounts from being reset, and maybe a challenge response mechanism so they have to have the end-user answer a question or two before it will reset their password. Does anyone know of or use any good tools out there like this? Thanks, Jon Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email.
<<inline: image001.jpg>>
