Login with my domain admin account import-pssession $session Now the way I currently reset a users password (as the office365 webapp does not allow manually setting of passwords) is to run powershell off my IT laptop with the exchange, azure admin and azure sign in assistant plugins, and enter the following commands: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -credential $UserCredential -Authentication Basic –AllowRedirection I am well aware how poor these practices are and have been pushing hard to get them changed, but that is another matter. The only other option I see available to me is to reset the users exchange password (I'll explain the process I follow below) and have the user call me every time he is unable to login to something, go to it, and reset his password or (in some cases) create him a new account (which is not at all ideal as he will loose all of the linked data he has built up over the years) and start again. The user does not know their password, and without the masterlist I can't see what it is. This has probably been the case for months but was only just noticed when I had to set them up with a new tablet. However, in this circumstance, the user, for whatever reason, is not in the masterlist. ![]() Now when a user forgets their password (especially our mobile guys as they receive their phones/tablets already logged in and rarely know their passwords) we consult the master list. All of this is transparent to the end user, as far as they are concerned, they only have one account across everything because they're logins are the same for everything, but that is because we manually set their credentials as the same. The online exchange is the heart of our business, not the active directory.Äue to this, passwords are set to never expire, and a masterlist is kept of all users and their passwords. There is propriety software in place that does not sync with anything and we manually create user accounts within these various programs/databases, and just manually set their credentials to the same ones they use to login to their office 365 account. ![]() My organization has an active directory, but it is used solely for remote terminal services. The crux of it is, I need to see what a users password currently is, not just reset it. ![]() This question is going against the grain of every best practice I've been taught, but it's a larger issue with my current organization.
0 Comments
Leave a Reply. |