~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I would like to have the user's change their own passwords, but I would also like to be able to know their new passwords. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ALARM! ALARM!! I don't *ever* want to know someone else's password. I don't *ever* want someone else to have reason to believe that I have their password, as this violates all sorts of security principles. This violates the whole purpose of having a password in the first place. If I ever need to get into an end-user system as their specific account, when they happen to be unavailable, I'll change their password at that time. (Ensuring that I have good key recovery in place for EFS usage) Suffice it to say, your plans has Bad-Ideaâ written all over it. I would highly recommend that you pursue a different course of action. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Does anyone know of a solution? Maybe something like an email generated by some sort of script with the new password? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This only sounds worse... Not incidentally, the NET USER /RANDOM command supports the generation of random passwords. - ASB Cheap, Fast, Secure -- Pick Any TWO. http://www.ultratech-llc.com/KB/ On Wed, 3 Nov 2004 13:21:39 -0500, Matthew Crape <[EMAIL PROTECTED]> wrote: > Hi Group, > > I have already delved into the archives and I couldn't find quite what I > was looking for. It is very possible that I looked over it, and if I did I > apologize in advance. Now, to my question: We are a fairly small shop here > (about 40 users) and the traditional way of doing a password change was to > collect new passwords from everyone and then I change them in AD as well as > in a couple of other places (i.e. like synchronizing them with our > non-Exchange mail server). We did this so that in case somebody was away on > vacation and we needed to log on to their computer (with their profile) we > could do it. It saves the hassle of say, logging in with a domain account > and then manually opening up a PST file or something like that. > > I would like to have the user's change their own passwords, but I would > also like to be able to know their new passwords. We have had numerous > issues in the past with people telling us their wrong passwords, so I would > like to get it straight from AD if possible. Right now the only solution I > can see is cracking all of the passwords, but that isn't the most feasible > way. > > Does anyone know of a solution? Maybe something like an email generated > by some sort of script with the new password? Sorry if this email dragged on > for a bit. Any help is appreciated. Thanks. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/