AD Self Password Management

In an organization, almost 30% of the administrator time is spent resetting employees forgotten passwords and unlocking the locked out account. And the task of resetting forgotten passwords needs to be completed on prior basis because more will be the delay less will be the output. Therefore, to avoid the downtime and productivity loss, the task of resetting forgotten passwords becomes a bottleneck for the administrator.

To bypass this bottleneck, avoid employees' downtime, and increase productivity, every organization must implement a self-password reset solution that helps the employees to reset their passwords by their own. This means, the employees do not need to raise a password reset ticket, wait for the admin to reset the password. Let us see the below given figure to understand the importance of the self-password reset solution:

Lepide Active Directory Self Service (LADSS) helps increasing employees' productivity, reducing admin workload, and increasing ROI by enabling the employees to reset their passwords by themselves. With LADSS, any employee can reset his / her password using the web browser in just four steps and in just few moments:

LADSS reduces the help desk workload by empowering the administrator and end-users with the facility to:

• Authorize all domain users to reset their password from any remote computer through Web interface.
• Enables administrator to apply default policy for the entire domain.
• Empower the administrator to specify stringent question/answer policies to validate users' identity during enrollment.
• Empowers the end-users to select questions they are comfortable with and to type their own questions while enrolling in the software database.
• Ensure security by validating users' identity during password reset.
• Enables users to keep the old settings by selecting old database during software installation
• Minimize the helpdesk workload by enabling end-users to reset their password from any computer within LAN without taking any assistance from the help desk technician and without raising any ticket.
• Inform the administrator / help desk personnel about users whose password is going to be expired.

LADSS, furthermore, helps reducing / ending the list of reset password tickets. Following is the list of possible password reset tickets usually received by help desk professionals:

• I am not able to logon to my Windows XP account.
• Someone might have changed my password, as I am not able to login to my account. I want to reset my password.
• I forgot my account's password.
• I have changed my account's password with one of my colleague and now I want to change it. Kindly guide me how can I do this or please do it for me.

The employees raise these tickets after they have forgotten the password of their accounts. Using the LADSS - self-password reset software, the administrator no more need to deal with these tickets, as employees can reset the forgotten passwords by their own. However, for that, they have to register themselves in the software database.

Only those users, who are enrolled with LADSS - self-password reset software can reset domain password by answering a set of questions set by the system admin. This is how domain users are protected from accidental password reset by other users while utilizing this software.

User has to undergo a simple enrollment process in which s/he has to answer a set of questions. During the enrollment process, the user can set a list of questions which can be self-framed too if allowed for his/her domain by the system administrator. The answers to these questions are saved in the software database, which are later used for user's identity verification during the password reset.

In case of any mismatch, the user is denied to perform any operation in the web portal thereby not allowing him to change the password. While configuring the self-password reset policy, administrator can validate limits for the authorization quiz like the type of question and maximum & minimum characters for an answer.

This tool helps the administrators to notify the users about their passwords expiry; so that they can reset their passwords right on time before the password expires at scheduled interval as per the password reset management policy. Notifying the domain user beforehand helps minimizing the number of account lockouts to a significant amount. Furthermore, it helps reducing the employees' downtime and increasing productivity.

Increasing the number of help desk professionals is often related with balancing volumes of tickets for password resets. However, after some time, one may find these highly qualified professionals engaged in resetting passwords rather than focusing on more essential issues. Performing self-password reset reduces burden of resetting passwords from helpdesk professionals as well as minimizes the helpdesk costs, as users can themselves reset their password without involvement of administrator.

All these activities so performed by the software are regulated by the tough user validation policies that help to tighten the AD security, protect critical data, eliminate unregulated access to resources, reduce IT workload, and simplify self-service procedures.