how to enforce password history for ADUC password reset

Discussion in 'Active Directory' started by Chris, Apr 19, 2009.

  1. Chris

    Chris Guest

    As I understand that when an domain admin reset user password using ADUC it
    will ignore the AD group policy for password history. Is there a way to even
    enforce the password history policy for domain admin resetting password with
    ADUC?

    Thanks.
     
    Chris, Apr 19, 2009
    #1
    1. Advertisements

  2. I don't believe this can be done. If password history applied when admins
    set a password, they could potentially determine one of the passwords in
    history. We don't want admins to have any idea what passwords a users
    selects.
     
    Richard Mueller [MVP], Apr 19, 2009
    #2
    1. Advertisements

  3. Chris

    Marcin Guest

    Chris - not natively - as far as I recall, Quest Password Manager provides
    this functionality...

    hth
    Marcin
     
    Marcin, Apr 19, 2009
    #3
  4. Hello Chris,

    With builtin options you can not do this, as far as i know.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Apr 19, 2009
    #4
  5. the admin should in addition also configure the account with "change
    password at next logon" so that the user changes it. When it is changed the
    new password must confirm the password history setting. With that it should
    not be a problem.
    if you do not trust people to do their work correctly according to
    procedure, then they should NOT be an admin

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Apr 19, 2009
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.