User Password Change And Reset Permissions for Active Directory


Users can perform password changes and password resets with Clearlogin.

Password changes are when the user knows their current password and would like to change it.

Password resets are when the user has forgotten their password and has enrolled in account recovery. After receiving an SMS token and answering their security question, they can reset their password. This feature is only available to Clearlogin Enterprise customers.

 

Clearlogin performs LDAP password operations using the configured Bind DN and password specified in your LDAP server configuration.

Clearlogin can carry out a password change as either of the operations Microsoft calls a "Password Reset" or a "Password Change". Select the desired option in your LDAP Server configuration. Password Change enforces password policy requirements, such as password history, more strictly.

The bind user must have the following permissions for the User object to perform a password reset:

  • Change Password 
  • Reset Password 
  • Read userAccountControl 
  • Write userAccountControl
  • Read pwdLastSet
  • Write pwdLastSet

 

The bind user must have the following permissions for the User object to perform a password change:

  • Change Password 
  • Reset Password 
  • Read userAccountControl 
  • Write userAccountControl
  • Read pwdLastSet
  • Write pwdLastSet
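One way to grant the permissions listed above with the built-in `dsacls` tool, scoped to a single OU instead of the whole domain. This is an added example, not Clearlogin's own tooling; the OU distinguished name and the account `EXAMPLE\svc-clearlogin` are constructed placeholders for your bind user.

```powershell
# Added example: delegate the listed rights to the bind account on one OU.
# Assumed/constructed values: the OU DN and the bind account name below.
param(
    [string]$TargetOU    = 'OU=Staff,DC=example,DC=com',   # constructed placeholder
    [string]$BindAccount = 'EXAMPLE\svc-clearlogin',       # constructed placeholder
    [switch]$Apply                                         # without -Apply, only print the commands
)

# dsacls ACE format: <trustee>:<rights>;<property or extended right>;<inherited object type>
#   CA = control access (extended right), RP = read property, WP = write property
$aces = @(
    "${BindAccount}:CA;Change Password;user",
    "${BindAccount}:CA;Reset Password;user",
    "${BindAccount}:RPWP;userAccountControl;user",
    "${BindAccount}:RPWP;pwdLastSet;user"
)

foreach ($ace in $aces) {
    if ($Apply) {
        # /I:S makes the ACE inherit to descendant objects only; the trailing
        # ";user" restricts it to user objects beneath the OU.
        & dsacls.exe $TargetOU /I:S /G $ace | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "dsacls reported a failure for ACE: $ace" }
    } else {
        Write-Output "Would run: dsacls `"$TargetOU`" /I:S /G `"$ace`""
    }
}

# After applying, list the ACEs on the OU that name the bind account so the
# delegation can be reviewed.
if ($Apply) {
    & dsacls.exe $TargetOU | Select-String -SimpleMatch $BindAccount
}
```

Run it without `-Apply` first to review the four commands. Accounts protected by AdminSDHolder do not inherit ACEs from the OU, so this delegation does not extend to privileged accounts.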

 

We do not currently support password changes over the GC ports.
