Environment
Self Service Password Reset
SSPR 3.2
AD Environment
Active Directory as LDAP directory
Situation
How to force a user to change the password at next logon after an SSPR Helpdesk user has reset the password.
Using SSPR to set the 'user must change password at next logon' flag.
User can't change the password through SSPR after it was reset through the help desk module.
Resolution
Configure SSPR to set the "pwdLastSet" LDAP attribute in Active Directory to "0" when a password is reset through the SSPR helpdesk module. AD treats a value of "0" in "pwdLastSet" the same as setting the 'user must change password at next logon' flag.
Steps:
In SSPR Config Manager --> Modules --> Helpdesk --> Post Set Password Actions (Advanced)
Click "Add Value" and assign a name and description
Select "ldap" from the drop-down
Click "options" and add the attribute name and value
Attribute name: pwdLastSet
Attribute Value: 0
Additional Information
The "Helpdesk Actor Actions (Advanced)" (also in Modules --> Helpdesk) can also be used to change this attribute.
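To confirm that the Post Set Password Action from the Resolution took effect, the account's "pwdLastSet" value can be checked after a helpdesk reset. The following is an added example, not part of SSPR or of the original article: it reads an LDIF export of test users and reports each account's state. The DNs and values are constructed sample data, and the LDIF parsing is simplified (no line folding or base64 values).

```python
from datetime import datetime, timedelta, timezone

DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit: "Password never expires"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed LDIF in the shape of an LDAP export of three test users.
SAMPLE_LDIF = """\
dn: CN=Alice Test,OU=Staff,DC=example,DC=com
pwdLastSet: 0
userAccountControl: 512

dn: CN=Bob Test,OU=Staff,DC=example,DC=com
pwdLastSet: 133500000000000000
userAccountControl: 512

dn: CN=Svc Test,OU=Staff,DC=example,DC=com
pwdLastSet: 0
userAccountControl: 66048
"""

def parse_ldif(text):
    """Return one {attribute: value} dict per blank-line-separated entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry[name] = value
        entries.append(entry)
    return entries

def password_state(entry):
    """Classify an entry by its pwdLastSet and userAccountControl values."""
    pwd_last_set = int(entry.get("pwdLastSet", "0"))
    uac = int(entry.get("userAccountControl", "0"))
    if pwd_last_set == 0:
        # AD does not expire passwords on accounts with this bit set,
        # so report them separately for review.
        if uac & DONT_EXPIRE_PASSWORD:
            return "pwdLastSet is 0, but 'Password never expires' is set"
        return "must change password at next logon"
    # pwdLastSet is a FILETIME: 100-nanosecond intervals since 1601-01-01 UTC.
    changed = FILETIME_EPOCH + timedelta(microseconds=pwd_last_set // 10)
    return "password last set " + changed.strftime("%Y-%m-%d %H:%M UTC")

def report(ldif_text):
    """Map each entry's DN to its password state."""
    return {e["dn"]: password_state(e) for e in parse_ldif(ldif_text)}
```

Calling `report()` on an export taken right after a helpdesk reset should show the reset account as "must change password at next logon"; a timestamp instead means the action did not write the attribute.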