Office 365: Enable User Password Reset

KB ID 0001551

Problem

If you want to give your Office 365 users the ability to change and recover their passwords this is the procedure.

Solution

Open the ‘Azure Active Directory’ admin console.

If you didn’t already know, Azure is what’s underpinning your Office 365 subscription, Select ‘Azure Active Directory’ > Password reset.

I’m enabling for everyone, you can choose ‘Selected’ and then nominate groups the you want to grant password reset for. when done click ‘Save‘.

Now when your users login they will be asked for additional information.

You can then set a phone and andalternative email address you can use for authentication.

Related Articles, References, Credits, or External Links

NA

Windows Administrator “Lost Password” / “Password Reset”

KB ID 0000159

Problem

You have forgotten your password, or the administrators password fo your Windows machine.

Note: You can also ‘Blank’ or reset the DSRM (Directory Services Restore Mode) password on a Domain Controller (Tested on 2012 R2, by blanking the password). Using this method.

Lost Password : Fix

Lost Password Software Download Links

Password Reset CD Image (3.5Mb) Note: This is a .iso file – you need to burn it as an image! Simply dropping this file on a CD will NOT work.

WARNINIG – If your drive has been encrypted with Windows Bitlocker this procedure will not work!

Related Articles, References, Credits, or External Links

Windows 8 – Lost / Forgotten Password?

Granting Users Password Change Ability (Password Administration)

KB ID 0000503

Problem

This is a two part operation, firstly you need to give the user(s) the rights to change passwords, then give them the tools to do so.

Solution

Step 1: Grant the rights (Delegation of Control)

1. Whilst logged into a domain controller with administrative access, open “Active Directory Users and Computers” and create a group that you are going to allow password reset rights to. Note: In this example I’ve created it in the same OU, in practice you would probably create the group elsewhere in AD.

2. We are going to need to create a security group, give it a sensible name.

3. At this point I’m also going to create a test user – (you will see why later), in the same OU that I’m going to grant password reset rights to.

4. Right click the OU containing the users you want to grant password reset rights to (Or like in this example, the parent OU). Then select “Delegate Control”.

5. At the welcome screen > Next.

6. Add > Locate the group you created earlier > OK > Next.

7. Grant the “Reset user passwords and force password change at next logon” > Next.

8. Finish.

9. Finally add the user(s) you want to grant reset rights to to the group you created earlier.

Step 2 Give the user the tools – Option 1 (Create a Task Pad)

1. While still on your domain controller (or a machine with the RSAT tools Installed), Start > In the search/run box type mmc {enter}.

2. File > Add/Remove snap-in > Locate and add the “Active Directory Users and Computers” snap-in > Add > OK.

3. Right click the OU you are granting rights to > “New Taskpad View” (Note: you may need to turn on advanced view {view > Advanced options}).

5. Next.

6. Set as required > Next.

7. Leave on defaults > Next.

8. Add a name and description > Next.

9. Make sure the “Add new tasks…” is selected > Finish.

10. Next.

11. Menu command > Next

12. Select the test user you created above > Select “Reset Password” > Next.

13. This is what the user will see in their taskpad as an option > Next.

14. Select an icon > Next.

15. If you want to add anything else, leave the box ticked to re-run > Otherwise > Finish. Lets remove all the bits we don’t need > View > Customise > Untick everything > OK.

16. File > Options > Give the console a name > Select “User mode – limited access single window” > Untick “Allow the user to customise views” > Note: You might want to tick “Do not save changes to the console” > Apply > OK.

17. File > Save > Put the file somewhere you can find it.

18. Now your password admins can run this taskpad and have the “Reset password option”.

Note: For them to be able to run this on their client machines they need the following installing on their machines:

XP Clients and 2003 Server: adminpack.msi (you will find it in the system32 folder on your (2003)domain controllers.

Vista Clients and 2008 Server: Install the Vista RSAT Tools (download).

Windows 7 Clients and Server 2008 R2: Install the Windows 7 RSAT Tools (download).

Step 2 Give the user the tools – Option 2 (Use NTAdmin)

1. Yes its an old tool but it’s simple and it works! Good for help desk staff and technophobes! Download NTAdmin > When you run it, browse > select the user in question > OK.

2. Click ResetPW > take the default of “welcome”, or choose a new one > Yes > OK.

 

Related Articles, References, Credits, or External Links

NA