cancel
Showing results for 
Search instead for 
Did you mean: 

AD Password management -good doc?

Highlighted
Contributor

AD Password management -good doc?

It's my understanding that in order for IVE to handle password expiration you have to query AD as an LDAP authentication source because the samba (regular AD authentication source) doesn't support password expiration. Is that correct?

Also, NPS won't handle password expiration either correct?

Does anyone have any good docs/how-tos on how to setup IVE and AD to support password managment? I've seen conflicting information on in-house and public certs, where there installed (IVE or AD), etc.

So if anyone has a step-by-step that would be a huge help.

Thanks for the time.

7 REPLIES 7
Highlighted
Respected Contributor

Re: AD Password management -good doc?


@imanenvoy wrote:

It's my understanding that in order for IVE to handle password expiration you have to query AD as an LDAP authentication source because the samba (regular AD authentication source) doesn't support password expiration. Is that correct?


No, that is not correct. A good place for this information is the admin guide.

The AD/NT auth server instance supports password management. What is NOT supported is password expiration notifcation or any other password notification messages._

Highlighted
Frequent Contributor

Re: AD Password management -good doc?

Port 389 usind LDAP and Active Directory

Highlighted
Contributor

Re: AD Password management -good doc?

Sorry let me rephrase. Users can change their passwords but don't get any password message or notification or prompt that their password has or is going to expire. On the day their password expires if they login they won't get prompted for a new password. Correct?

Highlighted
Respected Contributor

Re: AD Password management -good doc?

yes, other than on the day of expiration, that is correct. those messages and behavior is available _only_ through the LDAP server type (which communicates with your AD server). on the day the password expires, they should see a message that the password has expired and needs to be changed and the change done.
Highlighted
Not applicable

Re: AD Password management -good doc?

Hi,

Here is your solution

http://www.lepide.com/active-directory-self-service.html_

Try the trial version first.

Highlighted
Occasional Contributor

Re: AD Password management -good doc?

I'm a bit confused... checking on the Admin Guide it seems that AD and NT Domain authentication can manage the password about to expire (warning as long as 14 days before the password expire). I'm wrong on this? It's on page 163-165 of the SA Admin Guide.

Highlighted
Respected Contributor

Re: AD Password management -good doc?

That is when you are using the LDAP server type talking to an AD server on the backend. It is in the section regarding LDAP password management and notes about specific policies applicable to the specific LDAP servers the IVE can communicate with (e.g. AD). The table on page 164-165 (using the 7.1R1 admin guide) it shows what you can get with the AD/NT server type.