What's the Purpose of Linked Accounts?
Linking accounts (say a local AD account with O365) doesn't seem to serve any purpose. The documentation on this feature is slim so I would appreciate some clarification. Cheers, Kyle
Security Questions requirements are too restrictive
I've just rolled out AD Self Service at my organization. I keep getting users reporting that for several of the questions there are restrictions to have 5+ characters when the question should realistically allow for fewer. For example if a user selects "What is your favorite color?" as a question, it requires 5 or more characters. So completely valid answers: Red, Blue, etc... will not work. I understand the need to require a minimum character length so that fields are not left blank, but not
change replyto address - Expiry Notification Tool
running ADSelfService Plus’ Password Expiry Reminder Tool, v 5.3 free edition. I'm trying to change the "Reply To" address that is included in the email notifications. it currently says noreply@adselfserviceplus.com and i'd like to change this. I can't seem to find how to change exchange server settings in general either. Thanks for any help that can be provided.
License count
Dear all, We have evalute the ADSeldService feature, one question how is the license count toward domain users. Our company policy will never delete users account and only put them to disable after they left, would it count toward domain users license? Regards, Daniel
QR Code Image
I am trying to figure a way to change the address within the QR image. The server address that is in the QR image is the Server name and I need it to be the URL that is accessible from the internet. The server name is only accessible from our internal network.
Where do I change the email address?
Hi, We have changed our contact email address and I would like to update the same on SelfService but I can't find it
Change "Permission Denied. Kindly contact your Administrator" message when un-enroled users login
I would like to know how to change the "Permission Denied. Kindly contact your Administrator" when a user who is not enrolled tries to reset their password? Would like to change it say something like "You have not enrolled, please enrol before using this service2? Also, on the Reset Password and Unlock Account login screens, I want to change the text next to the username field that shows "(Example : Jsmith)". Our usernames are first name.surname and want the example to show this. Any ideas?
ADSelfService Plus 5.3 Build 5303
Hi, We are glad to announce the release of the latest build of ADSelfService Plus – 5303. This release brings a major new feature that empowers remote users – cached password update. Feature: Now update local cached password when remote users reset their passwords in Active Directory through the GINA/CP client. IMPORTANT NOTE: Existing Customers can upgrade to the latest build by downloading the ADSelfService Plus Service Pack 5.3 SP 0.3 from the link below: http://www.manageengine.com/products/self-service-password/service-pack.html
Which domain controller(s) should I be using
Need some help from support and would be helpful to hear from other folks using the product. I have set the product to only use the primary domain controller emulator PDCe. The thought behind this is: When an account is locked out no matter where, the lockout is replicated from the local site DC up to the PDCe right away This makes unlocks against the PDCe always work as the PDCe has seen the lockout right away When an account is unlocked, or password reset, the user then tries to login to Windows.
ADSelfService Plus 5.3 Build 5300 Service Pack Install hangs at 98% Post invocation progress
ADSelfService Plus 5.3 Build 5300 Service Pack Install hangs at 98% Post invocation progress. Trying to update from 5.2.6 using ManageEngine_ADSelfService_Plus_5_2_0_SP-9_9_0.ppm on Windows Server 2008 R2. Yes, ManageEngine service is stopped and stopDB.bat was run. Oddity noted: there is a second 'Installation Wizard' window behind this one which shows no progress. Anyone else solved this issue?
Which SSL Certificate file to use
I used RapidSSL for my certificate. I submitted my CSR data online, by coping and pasting the contents of the CSR file. They then supplied me with some download options after they generated and issued the certificate. First, I have two possible formats to download the certificate: Either to download a certificate in PKC7S format, or a X.509 certificate. Second, I have the three additional options that I can choose: 1. Plesk bundle 2. Certificate Issuer 3. Apache bundle Would it be correct that I
SSL Certificate Web Server Type
I am attempting to setup an SSL Certificate. I have generated my data from the ADSSP certificate tool, but now my ISP that I am getting the certificate from, have asked what my "Web Server Type" is? ADSSP is installed on a Windows 2008R2 server, so the closest to this in their options is "Microsoft IIS 5+ or later" or is it something else? I have noticed people have mentioned tomcat in some of the queries in the forum, so do I choose that? "
ADSelfService Plus 5.3 Build 5300
Hi, We are glad to announce the release of the latest version of ADSelfService Plus – 5.3 (build 5300). This new version introduces ‘Help Desk Assisted Self-password Reset and Account Unlock’ along with some major enhancements and bug fixes. Features: Help desk assisted self-password reset and account unlock using Active Directory attributes as security questions to verify user identity. Enhancements: Updates Java Runtime Environment package to version 7. Supports TLS 1.2 for heightened security.
Password history enforcement
We have deployed ADSelfservice Plus and are using it successfully. However we just discovered what could be a major issue. It appears the product allows users to re-use passwords, because it doesn't look at the AD password history. I found and checked the box on the Policy Configuration screen, under Reset & Unlock, that says "Enforce Active Directory Password history settings during password reset", but it doesn't seem to work. In testing I can reset a password, then run again to reset to a new
GINA/Mac Installer not usable after product upgrade
I upgraded from build 5206 to 5302 this weekend and now I have lost the ability to use all the tabs in the GINA/Mac Installation section. When I click on them, I get the message "Sorry, the page you requested was not found. Back | Sign Out". See attached for screenshot.
HTML Emails
When I select to send the emails from ADSelfService Plus in HTML the line breaks do not come through propertly. The email is sent as one running line that just wraps in the users email client window. Is there something else that needs to be done in order for the email layout to carry through when HTML is chosen? Thank you!
ADSelfService Plus 5.3 Build 5302
Hi, We are glad to announce the release of the latest build of ADSelfService Plus – 5302. You can now send enrollment and password expiry notifications as push notifications to end-users’ mobiles. This release also includes enhancements to auto enrollment, forced enrollment along with some major bug fixes. Enhancements: Mobile Push Notification support for enrollment and password expiry notifications. Now automatically enroll users by creating a scheduler for importing enrollment data from a CSV
IE8-11 enrollment by google authen not success via web portal when hit enter button
I'm testing enrollment process and found some problem only on IE8-11. When try to enroll by google authenticator. 1. user log in web portal. 2. user scan qr code on web portal 3. user enter 6 digit code 4. user press enter button on keyboard !!!!! instead of click enroll button 5. There is message show successfully enrolled! 6. click on enrollment tab again to check not found red message you have already enroll. 7. check on enrollment report. show -NA- 8. If click on enroll button in web portal and
ADSelfService Plus Fixes and Enhancements
Version 5.3 Build 5301: (21/May/2015) Enhancements: Option to set the keystore password, which will be encrypted for heightened security, directly using the product UI. Issues Fixed: Issue in automatically enrolling users using external data source when ‘Overwrite enrollment data’ option is enabled. Issue in syncing Oracle Database and Office 365 passwords when the password contains special characters. Issue which caused the loss of enrollment data while editing security questions. Issue which launched
Delivery Report for Email notifications is wrong report
Greetings, Our ADSSP is configured to email the delivery report daily to our support SharePoint and to me directly. The email is being sent correctly and to the correct recipients, but, it contains the wrong report file (XLS format). The attached report is the Soon To Expire Password Users Report instead! Huh? Thanks, Steven
Additional Features in AD Self Service
Good morning, I wanted to inquire and see if someone can answer the following questions: 1. Does AD SelfService Plus offer two factor authentication for the enrollment process? 2. Can notifications/reports/logging work with third party tools such as Splunk? 3. How do I customize/edit some of the pop up messages already built into ADSSP? Such as the force enrollment prompt? 4. Has there been any successes with ADSSP and McAfee EndPoint encryption? Any answers would be greatly appreciated. Thank
Proper way to upgrade ADSelftService
We have a small AD in the lab with about 30 users and wanted to use the free 50 user system. I tried to upgrade from 5.3 to 5.3.1 today and it said I need to uninstall. I then uninstalled and did a reinstall. Upon choosing the same folder it says "Some files exist in the specified directory. Kindly provide a different". Did I lose my config? I did a backup but what gives, how do you upgrade this thing??
Upgrading to build 5301 from build 5106
Greetings, We are planning to upgrade our ADSelfService to the latest released build. Our environment has several computers with the GINA agent installed with our current build (5106). Is there any compatibility issue with our agents on working with the latest build, or any other issue that we should be aware about? Looking forward to explore the new enhancements! Thanks & Regards Mércio
Remove My Info tab in AD Self Service Plus
Does anyone know how to remove the "My Info" tab when a user logs in to AD Self Service Plus? We only want users to be able to enrol and change password from this screen, so do not want to show the My Info tab
Restrict users on-demand
Hi, I see on the ADSelfService console there's a way to restrict users, but it only lets to restrict disabled, deleted or inactive users. Is there a way to restrict enabled users? For example, we want to restrict the POS users, in case there's a person who wants to try to register it. Regards! Sergio Hernández.
Restrict number of mobiles
How to limit the numbers of mobiles to only one which recorded in Ad ?
Adding Technician
Whenever I add a new technician as a SuperUser, the user who is being assigned those privileges does not see any of the tabs associated with being a technician. They only see the same tabs as a regular user would see. I have added them both from my login and as the Admin account and the same thing occurs.
Creacion de politica en adselfservice plus
Buenos Dias Me gustaria que me ayudaran en lo siguiente quiero crear de Una Política la cual sea permita Realizar la inscripcion automatica de los Usuarios Que se encuentran en Una Unidad Organizativa en ESPECIFICA del Directorio activo Que Apenas realicen el inicio de sesión En sus equipos El Sistema los obligue a inscribirse
report can't be run manually?
Hi there, When playing around with Reporting ... I realized that there's an entry that's only available when creating new scheduled reports. When creating new scheduled reports , under Select Reports section > Report Category . there's an extra report available on the Select Reports check boxes: Soon-To-Expire Account Users (circled blue on both screenshot below) That one is not available when viewed on the Reports page so i can't run it manually. Also, during the creation of new scheduled reports,
ADSelfService Plus 5.3 Build 5301
Hi, We are glad to announce the release of the latest build of ADSelfService Plus – 5301. This release introduces an option to encrypt and secure the keystore password and also fixes a lot of issues in the product. Enhancements: Option to set the keystore password, which will be encrypted for heightened security, directly using the product UI. Issues Fixed: Issue in automatically enrolling users using external data source when ‘Overwrite enrollment data’ option is enabled. Issue in syncing Oracle
Customizing the Password Reset Page
I am trying to add custom verbage to the password reset page. I have modified the html document and entered some pretty basic html commands. However, all content is displayed, inlcuding my html tags. What am I missing? Also the format which the text is displayed is different when someone signs in to reset their password versus when someone just clicks the reset password and answers the security questsions. Why is this?
Fine Grained Policies
Is it possible for ADSelf service to reflect fine grained password policies in the requirements listed when users are resetting passwords? Right now the page reflects the default domain policy, since my users are using fine grained policies these requirements are being reflected incorrectly... If not, can I manually modify the page to reflect the proper requirements?
AD SelfService Plus Certificate Help - Microsoft CA
I am having trouble with getting a certificate from my 2012 R2 CA for AD SelfService Plus. The documentation that I have found on the forums does not work. Can someone provide me with a working complete walk through. SelfService Plus is 5.2 5206 Thanks.
Protection against the POODLE SSLv3 Vulnerability
Hi, By now you would have heard about the POODLE vulnerability. An attacker can use this vulnerability to downgrade the security protocol - SSL 3.0 to be more specific - of any application that uses SSL and exploit a security hole in it. Since this problem is in the protocol, anything that uses SSL is affected. You can secure ADSelfService Plus from this vulnerability by disabling SSL 3.0. Follow the steps below to disable SSL 3.0 in ADSelfService Plus: Stop ADSelfService Plus (Click Start
Manger Field Updating
Hi Guys, When I got to update the manager field as a user I cannot save the change.... Any ideas why?
Restricted Users automatically populates
I've created a list of 700 users as part of a project at work. These are all going to be production users, but many haven't logged in yet. Every morning I see over 1300 users in the Restricted Users OU under the License Management of the Admin tab. I unrestrict them all every morning, and they all stay unrestricted until the following morning, when they are all restricted again. I don't have any Restricted Users Schedulers programmed. Thanks for any help you can provide!
5.2 to 5.3 Service Pack Update Fails
Just working through my evaluation, I attempted to upgrade from 5.2 to 5.3. The service pack says it updated successfully: May 6, 2015 2:11:26 PM [com.adventnet.tools.update.installer.ApplyPatch] [INFO] : Service Pack installed successfully But immediately following this line in the log file is a Java Exception error: May 6, 2015 2:11:52 PM [com.adventnet.tools.update.installer.Unzipper] [SEVERE] : ERRUnexpected Error. Please click View Log>> for more detailsjava.lang.reflect.InvocationTargetException
Any issues with McAfee and password reset options?
I am researching this product currently for a client and there was a concern that there may be a conflict between McAfee EEFF (SSO process) and the password reset functionality. Is there any literature on this that I can read through if it is in fact an issue? Any known issues with McAfee that we should be concerned with? Thanks, Jung Choi
High Availability for AD Self Service Plus
Hi, Does anyone have any information on how the system can be made highly available. We are looking at self service for our customer base which is 24 x 7, but our active support is not. We would not ideally want a single server crash to prevent users from being able to reset their passwords. Regards, Mark
Issue on Change Password page
On the Change Password area of the Self-Service tab, the password complexity requirements show like code, not plain text. I am running 5.2 build 5206. adssp.custom.password.policy.policy_requirements adssp.domain_user.change_pwd.policy_req.min_pwd_age 1 day adssp.domain_user.change_pwd.policy_req.maxi_pwd_age 180 days adssp.domain_user.change_pwd.policy_req.min_pwd_length 8 adssp.domain_user.change_pwd.policy_req.pwd_history 2 adssp.domain_user.change_pwd.policy_req.pwd_complex_info At least 1 Uppercase,
Next Page