ADSelfService Plus 5.3 Build 5306
Hi, We are glad to announce the release of the latest build of ADSelfService Plus – 5306. This release introduces an option to encrypt and secure the keystore password and also fixes a lot of issues in the product. Enhancements: Now you can set a limit for the number of password resets and account unlocks a user can perform in a given number of days. Issues Fixed: Issue in directory self-update when a custom attribute is added to the layout. Issue in importing CSV files by technicians who are logged
Upgrade from 4570 to 5xxx Functionality or Configuration Changes?
When upgrading from build 4570 to latest build are there any functionality changes, user experience changes or configuration change requirements to be aware of? Thanks, Dan
Information on "Make Admin Login Page Accessible Only from" setting
I am trying to find detailed information about the " Make Admin Login Page Accessible Only from" setting. I have read through the user guide, googled it, found a page or two outside of the forums but I am not closer to figuring out what this setting does and does it do what I think it does. The way I read " Make Admin Login Page Accessible Only from" is that it locks down the admin page to only be accessed by specified IP addresses. If that is true then what is the separator used to list multiple addresses?
Did You Know - Advanced Policy Configuration Part I
In last week’s post we saw how to create OU and group-based self-service policies. This week I will show the various advanced options that you can configure to make the self-service policies suit your exact business requirements. Block User Tab: This tab allows you to block users who failed at the identity verification step. If a user attempts to use more than a few unsuccessful reset password attempts by providing the wrong answers to security questions or verification codes, then that users will
Remove Language Selection Option
Is there a way to completely remove the language selection option Drop Down List from the entire website?
Disable or Edit Mobile Device Pages
Is there a way to point mobile devices to standard web interface? Is there a way to edit the mobile pages?
Soon-To-Expire Scheduler for Fine-Grained Policies
I'm curious to know if anyone has been successful with using this tool against Active Directory with a PSO Fine-Grained password policy? I'm wondering if there is any way, we can configure ADSelfService Plus, to use something other than the Default Domain policy within AD. We have several different types of password policies, we have multiple agencies which have different standards. With that said, we utilize a method of password policy management, which is known as a PSO policy against Global Security
Photo Upload Plugin
1. Can we customize the photo upload page with more advanced (zoom, resize and crop) plugins? 2. Where can we specify the Max photo size limit in Kb?
Customize GINA/Mac Unlock/reset screens
Currently when users use the GINA/Mac feature to unlock or reset a password, it shows domain password requirements. The way these are displayed is not very easy to understand for basic users : "The minimum password age is 7" "The maximum password age is 180" "Domain password complexity is enabled" And so on. The list is confusing to novice users who often times do not understand what information it is trying to give them. We would like the ability to customize the GINA/Mac unlock/reset screens to
Cannot access to ADSelfService Plus Portal for Admin Login.
Problem area: I had enabled SSL and hide "Self Service Admin Login", I was able to access via showLogin.cc link but I cannot access through AdminLogin.cc link with error webpage cannot be found. Gina installation on XP with no problem but cannot install on Vista Business.
adselfservice security questions
How a user can modify or update the responses of the security questions ?
A vulnerability in SSLv3 (dubbed POODLE) was disclosed publicly
Hello ADSSP Support, A vulnerability in SSLv3 (dubbed POODLE) was disclosed publicly on 10-14-14. This vulnerability in conjunction with the SSL 3.0 fallback mechanism creates a critical security flaw. Since our instance of ADSSP is exposed externally (publicly) here we would like to disable SSLv3 ASAP to close this vulnerability. Please advice as to how we can fix this issue in ADSSP? MURAD AKRAM Lead Enterprise Systems Engineer , ESM Group
Allow users to Unlock Account and Reset Password
I was under the impression that this software allowed users to unlock their accounts and reset their passwords without having to make AD changes. However, it's come to my attention that in order to unlock their account they need the Read lockout Time and Write lockout Time permissions delegated to them in order to unlock their own account. Is it acceptable form to give all end users this permission and would they then be allowed to unlock any and all accounts?
Did You Know – Group and OU-based Self-Service Policy Configuration
What are Self-Service Policies? The self-service policies in ADSelfService Plus govern what self-service features users can avail. These policies have advanced settings w hich can be configured to apply restrictions on how users use the self-service features . Group and OU-based Configuration It is highly likely that not all users in a domain would require similar self-service permissions and restrictions. Keeping it in mind, ADSelfService Plus has an option to configure OU and group-based
ShowADSSPTile
AD SelfService Plus, Build Number : 5305 'ShowADSSPTile' is 'FALSE' but Tile still appearing: Client OS: Win 7, 8.1, and 10 I only want the ‘Reset Password/Unlock Account’ link at the logon prompt and not any separate tile. Please Advise?
Customize Layout > Modification Rules
HI I am trying to create a rule that will change the value of the "Description" field to match the "Title" of the users account. When I set the "Assign Value" to %Title% that is what the end user account gets populated with. The Description now says %Title% Anyone know how to make the Title populate the Description? Thanks
Password sync agent - Invalid Uri
Hi, I have installed the ADSelfService Plus Demo and the Password Sync Agent in a test environment. The ADSelfService Plus Demo installed on a W2K12 machine without any problems. I installed the sync agent on a PDC (W2K8) but I couldn`t start the service because of the missing message queuing. Neither the docu nor the install routine says that there is a dependence on the MSMQ feature. So I installed that feature, double checked the configuration for server and port, checked local firewall but still
SSL is kicking my butt
I have SSL working but not on my fully qualified domain name. For example: https://server/ comes up fine, but if I use https://server.mydomain.com/ then it throws a certificate error. I have installed self-signed AD certs. I have also tried installing with my GoDaddy certs, but the ADSelfService pages won't even load when I do that. Also, my godaddy certs are not like the ones given in the examples. My boss is insisting that https://server.mydomain.com/ functions warning-free before we deploy.
Not working after installing new certificate
Our ADSelfService portal was using a certificate which gave errors with Chrome and Firefox (“Server has a weak ephemeral Diffie-Hellman public key”), so I bought a new certificate. I created a new keystore for this new certificate and modified the server.xml: <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="1" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/sspapplusrtdcom.pfx" keystoreType="PKCS12" keystorePass="******"
Self Update Layout/Modification Rules
Hello, With the latest version 5.3 build 5305, they added an enhancement for self-update to auto-populate attribute values. I can get this to work to populate a single value, but does anyone know how to get it to populate multiple values in a drop-down list? i.e. when the user enrolls and selects a State, have it populate the various cities within the state? Same with Zip Codes, etc. I can't seem to figure out how to get this to work? Thanks. Rory
How to change already expired password
Hi, Is it possible for users to change their already expired passwords? I've tried to with testing account and successfully changed password, but new one remained in "expired" state. -- Nikita.
AD Self Service Plus Certificate
Is there any way to create a certificate request that contains a certificate template or anything other than a .csr? I want to sign the certificate from my own Certificate Authority but the web enrollment doesn't allow using Cryptography below windows Server 2008 and thus will not issue the more secure Certificate's from the web enrollment using the .csr as generated from the ADSS web page. Thoughts or work around?
Logon Page Customizer only loads default page
ManageEngine Team, we have a custom logon page that is working normally. We need to make some additional changes to the logon page however when I load the logon page customizer under Admin it doesn't load our custom page, it only loads the out of box default logon page. Is this a known problem and is there a fix? Thank you Scott
Remove User Data
Is there a way to do one or both of these two things? 1. Delete enrollment data for a particular user, even if the account is active. 2. Restrict users based on group membership instead of OU, Disabled, etc. We have a need where we block access to an account by changing their password. If they are enrolled, they could simply reset it!
Your account has been restricted
Some users (not all) get the error message "Your account has been restricted" when trying to log into the portal. How can I remove this "restriction"?
Problem to register new entry in a DropDown list
Hi We have a DropDown List for psysical locations related to the Office Field in Active Directory. When i am tryying to add a New location I got this Message I am here triing to add 'Berglund' and it is not a dublicate. Whatever I Write her I get the same Message. Any Idea why this hppens? I have done this before without any problem. Since last it worked ok, I have upgraded to Version 5.305. Regards Reidun
Need help with changing the example next to user name
Need help on changing the example that is shown when prompted for "Domain User Name". It shows an exmaple: Jsmith but we use firstname.lastname. Thanks
Did You Know - How to Manually Restore ADSelfService Plus Database?
This video explains how to manually restore a backed up copy of the ADSelfService Plus database.
Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45
Hi, You receive the error when the server is trying to setup a secure connection and due to a disastrous mis-configuration, the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it. Example: <Connector SSLEnabled="true" ciphers="T LS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
Did You Know - Multi-factor Authentication Techniques in ADSelfService Plus
In this week’s did you know series, we will look in to the various multi-factor authentication techniques available in ADSelfService Plus. Why Multi -factor Authentication? Even a simple action such as a self-service password reset has the potential to expose your Active Directory to hackers. To mitigate such security risks, ADSelfService Plus verifies users’ identities using two or more factors of authentication as opposed to a single-factor of authentication . Various Authentication Techniques
ADSelfService Plus Report?
Is there a way to pull field values for all users registered in ADSelfService Plus? I would like to run a report to view everyone's phone numbers. Thanks in advance,
How AD Self Service Plus works with AD
Hi , I need information about ManageEngine ad selfservice plus. How it works with AD server. How AD selfservice communicate with AD server in the backend. How do i trust AD self service before implement in network? Regards, Tejas
ADSelfService Plus 5.3 Build 5305
Hello Everyone! We are glad to announce the release of the latest build of ADSelfService Plus – 5305. This release introduces business logic for self-update to auto-populate attribute values based on user input. It also includes other enhancements and some major bug fixes. Enhancements: Business Logic for Self-Update: You can now configure your organization’s business logic for self-update to auto-populate attribute values based on user input. Option to overwrite enrollment data while automatically
Self Service - Customize Layout
For the user information tab that maps to ADUC.... 1) Is there a way to modify the order of the "Groups"? I tried both Internet Explorer and Edge and am unable to move the Group panels around to reorder them. 2) Since you can add multiple Layout templates, how do you select which one to use by default?
Scripting page error?
Please see the attached image. When doing a reset with the gina addon after successfully answering the questions my users receive the following error. If i hit yes the password is successful. How can fix the scripting error?
Lost DC, How to change if cant login to admin portal?
I lost the domain controller that must have been specified in the config of ADSelService. Now no users can authenticate to the application and I cannot access the admin portal to change the domain settings. How do I make the DC setting change to point to another DC?
Error when trying to login as technician other than "admin"
I've added a couple Active Directory accounts as technicians ("super admins"). When I try to log in as any of them it redirects me to http://<servername>:8888/j_security_check?loginComponent=AdminLogin&formSubmit=SSP and says "the webpage cannot be found" If I try it from Chrome i get Sorry,the page you requested was not found. Please check the URL for proper spelling and capitalization. If you're having trouble locating a destination, try from our home page. And when I click on "home" it just throws
Did You Know - How to manually take a backup of the ADSelfService Plus database
This video explains how you can manually take a backup of the ADSelfService Plus database. Note: The manual backup process works only for the built-in PostgreSQL database.
Cert error on Iphones and Androids but working ok on PC.
I am getting certificate errors on iphones and Androids, with assistance I was able to get the correct cert installed and working ok on IE and pc web browsers but we are still getting the error on phones which is where we hope to use this. We might use the application for the phones but for initial enrollment email they are required to click on the email web address and enroll, this is where we are having an issue.
SharePoint 2013 Integration
How do I integrate ADSelfService Plus with SharePoint 2013? Is there any documentation? If so please let me know where to find it.
Next Page