Self service Active Directory utility to benefit users and administrators

Published: 22nd November 2011
Views: N/A

For users configured to AD database, self service Active Directory utility is essential as it is for administrators who manage the Active Directory. This is because administrators are frequently bugged by the requests of updating profile information or resetting account password or unlocking a locked account. All these requests require raising tickets which causes backlogs and affects productivity. With self service Active Directory systems, users are able to perform these tasks on their own and admin personnel are just required to keep a tab on the changes made by users. Active Directory managers have some options to implement the self service functionality, which are discussed here in detail:

Option 1

Windows Active Directory comes with various ADAM (Active Directory Administration) Tools that help administrators to carry out tasks related to ad management. One such tool is the Users and Computers snap-in console which is a standard MMC console provided in the Administration Tools Pack (adminpak.msi). This console can be considered as a self service Active Directory utility, especially for administrators, to make changes to the user account information and reset user passwords without visiting the server each time.
There are default “Built-in” and “User” containers in the Users and Computers snap-in which help in specific tasks such as resetting passwords of Exchange accounts and manage user accounts in multiple domains, etc. The password reset procedure using the Users and Computers snap-in is however, quite complex and requires making changes to the domain security settings as well as the password policy settings. Discrepancies in meeting these requirements can end up in generation of errors thus rendering it impossible for administrators to successfully perform user account modification.

Option 2

For Windows Active Directory an identity management (IDM) solution in the form of a hotfix is offered in the FIM (Forefront Identity Management) 2010 Update 1 package. This package is apt for Windows Server 2008 R2 family and offers the feature of Self Service Password Reset (SSPR) to AD administrators and end users. This self service Active Directory console enables users to reset their passwords without requesting the administrators to raise tickets for the same. The administrators make sure that the security policies of the organization are not breached by configuring the Password Policy Enforcement in FIM SSPR. By enabling the self service password reset to enforce all domain policies which use the registry value ‘ADMAEnforcePasswordPolicy’, users can be given the authority to reset their own passwords. However, this method is also prone to errors as many a time it is seen that the Active Directory management agent (ADMA) is not issued the authority to set passwords for the target user objects.

Third party option and benefits

Since it is evident that using the AD tools and hotfixes not always solves the issue of managing user accounts, third party solutions can be searched for. Lepide Active Directory self service tool is an efficient utility that can be used by administrators to allow users manage their own accounts. With the help of this self service Active Directory software, users can reset their own passwords, unlock their accounts as update their account information without depending on the help desk personnel. The benefits are aplenty for both the end users and AD administrators.

The author Lepide Software of this article is a network administrator with many years of experience in managing Windows Active Directory. This article explains all about the benefits of having a self service active directory system for AD users which can help them manage their own accounts, unlock locked accounts and reset password active diectory without relying on the administrator.

Report this article Ask About This Article

More to Explore