Objective 

Learn how to reset two-factor authentication (2FA) for the default admin account in ADManager Plus. This is useful when the admin is unable to log in due to lost access to their 2FA device, expired authentication codes, or misconfigured 2FA settings.

Prerequisites 

• Access to the server where ADManager Plus is installed.

• Ensure ADManager Plus is up and running.

• An account that has the necessary privileges to execute scripts on the server.

Steps to follow 

 Step 1: Reset 2FA for the default admin 

1. Log in to the server where ADManager Plus is installed.

2. Navigate to the installation directory (By default, located at C:\ManageEngine\ADManager Plus on Windows).

3. Locate the file named ResetTFAEnrollment.bat.

4. Right-click ResetTFAEnrollment.bat and select Run as administrator.

5. This will clear the current 2FA settings. The next time the admin logs in, they’ll be prompted to re-enroll for 2FA.

 Step 2: Complete 2FA reset 

1. Log out of ADManager Plus and log back in using the default admin account.

2. You'll be prompted to configure 2FA as a new user.

3. Follow the setup instructions to complete the enrollment and verify that the login is successful.

Note:   

• Running this process will reset 2FA for all users in ADManager Plus, prompting them to re-enroll during their next login.

• Notify all admins and technicians before resetting 2FA to avoid login issues.

• Only run this script when required, as it resets 2FA for all users. Ensure it's stored securely and accessed only by authorized administrators.
  

 Tips 

• Coordinate with your IT team before running the reset, as all users will be required to re-enroll their second factor during their next login.

• After resetting, verify that each user successfully completes their 2FA setup to maintain secure access.