Automatically Unlocking User Accounts After a Forgotten Password Reset


Overview

This article describes the steps required to delegate to the Clearlogin Active Directory bind/service account the permission to unlock a user account.

Requirements

  • Domain Admin permissions to set up the delegation.
  • Clearlogin AD bind account
  • The Organizational Unit (OU) where the user accounts are managed.

Steps to Configure

  1. Open Active Directory Users and Computers

  2. Right-Click the Organizational Unit (OU) that contains the user accounts, and choose Delegate Control.

  3. Add the Clearlogin bind/service account, and click Next

  4. Select Create a custom task to delegate, and click Next

  5. Select Only the following objects in the folder

  6. From the list, select User objects

  7. Click Next

  8. Deselect General

  9. Select Property-specific

  10. Scroll down and select Read lockoutTime & Write lockoutTime

  11. Click Next

  12. Review and click Finish
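
To confirm the result of the steps above, the following added example (not Clearlogin's own code) uses the ActiveDirectory PowerShell module to read the OU's ACL and report whether the bind account's explicit entries are limited to Read/Write lockoutTime on descendant user objects. The OU distinguished name and the account name are placeholders to replace with your own.

```powershell
# Added example: audit the delegation produced by the steps above.
Import-Module ActiveDirectory

$OU      = 'OU=Staff,DC=example,DC=com'   # placeholder: OU that was delegated
$Account = 'EXAMPLE\svc-clearlogin'       # placeholder: bind/service account

# Resolve schema GUIDs from the directory instead of hard-coding them.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapName)" `
                        -Properties schemaIDGUID
    [guid]$obj.schemaIDGUID
}
$lockoutTime = Get-SchemaGuid 'lockoutTime'
$userClass   = Get-SchemaGuid 'user'

# Rights the wizard steps are expected to grant, and nothing more.
$allowedMask = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

# Explicit (non-inherited) entries for the account on this OU.
$aces = (Get-Acl -Path "AD:\$OU").Access |
    Where-Object { $_.IdentityReference.Value -eq $Account -and -not $_.IsInherited }

$report = foreach ($ace in $aces) {
    $scoped = $ace.AccessControlType -eq 'Allow' -and
              $ace.ObjectType -eq $lockoutTime -and
              $ace.InheritedObjectType -eq $userClass -and
              ([int]$ace.ActiveDirectoryRights -band (-bnot $allowedMask)) -eq 0
    [pscustomobject]@{
        Rights      = $ace.ActiveDirectoryRights
        ObjectType  = $ace.ObjectType
        AppliesTo   = $ace.InheritedObjectType
        Inheritance = $ace.InheritanceType
        Status      = if ($scoped) { 'expected' } else { 'REVIEW: not the expected grant' }
    }
}
$report | Format-Table -AutoSize

# The unlock needs WriteProperty on lockoutTime; warn if that grant is absent.
$hasWrite = $aces | Where-Object {
    $_.ObjectType -eq $lockoutTime -and
    ([int]$_.ActiveDirectoryRights -band [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty)
}
if (-not $hasWrite) { Write-Warning "No explicit Write lockoutTime entry found for $Account on $OU" }
```

Any row marked REVIEW is an explicit entry for the account on this OU that goes beyond the property-specific grant selected in the wizard. Running the script again after the removal procedure should list no entries.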

 

Removing Delegated Permissions

  1. Open Active Directory Users and Computers

  2. Right-Click the Organizational Unit (OU) that contains the user accounts that Clearlogin manages, and choose Properties

  3. Select the Security tab

  4. Select the Clearlogin bind/service account

  5. Click the Remove button

  6. Click OK

