Due to several users experiencing problems with successful password resets done using their personal information we have created a group in AD that will deny this functionality.
If a user requests this functionality, a member of the Security Administration team can assign a group called DISABLEDRESET.
This security group removes the ability for the user to self-service reset their password, and also removes the ability from the Support Center to be able to reset passwords.
Accounts that have this security group added on should have a passphrase stored in iSupport that has been provided to Security for resetting the password. If this passphrase is not in iSupport, or has been given incorrectly please contact the Security Administrators before proceeding with a password reset.
A user is trying to reset their password and is getting a message that this functionality has been disabled, or a user is requesting to disable the self-service functionality.
These are the steps to resolve the problem.
- In AD Tools Users and Groups
- Find the user account
- In the member of section look to see if they are a member of the DISABLEDRESET group.
- If the user is ...
- not currently in this security group but is requesting to have this functionality added to their account ...
- ask for their information and route a ticket to the Security Administration team so that they may follow up with the user and then make the necessary changes to the account.
- currently in the DISABLEDRESET group and is wanting their password reset and...
- has a passphrase stored in iSupport
- ask them for the passphrase and verify before resetting their password using the AD Tools.
- if the passphrase is given incorrectly refrain from further resetting their password and route the ticket to the Security Administration team so that they may follow up with the student.
- If the passphrase is correct proceed with resetting the password using the AD Users and Groups tool.
- does not have a passphrase stored in iSupport
- explain to the user that a member of the Security Administration team will be following up with them to complete their request.