We run a BYOD device school running mainly Macs. We are trying to centralize our usernames and passwords via AD. I have managed to get AD to connect to our systems (Moodle, Curriculum Mapping, Wiki's and internet filtering). The only problem I have is that people can't change their AD password on there own. I see there are commercial solutions out there but they are pretty expensive. I know on Mac server there is a website you can change it at.
Anyone got any ideas on how to best do this at minimal cost?
Cheers, I did do a search but didn't come up with anything..... didn't know what to search I guess. Will get the tech guys to have a look and see what they think.
Anyone got reasonably priced commercial software that is decent? We are in Thailand and it is sometimes easier to buy than do in house as our guys can't support it.
Are you basically looking for some sort of web based solution that will allow your users to punch their AD username and password into a website and then be able to reset their password? If so it can be done through LDAP via SSL, can be a bit fiddly as you need to have your server setup to generate CA certificates but the actual website / page itself shouldn't be too difficult to script, I do have some LDAP PHP scripts somewhere so I will have a look and see if I can get a simple login and reset your password utility up and running.
www.sysoptools.com - We run IT at a few EDU campuses and this web based self service tool works very well. We found out about it from another EDU IT shop that uses it. It is secure for extranet (public) access deployment, completely customizable (make your own look / feel), super easy to deploy, has provision for HA/DR, supports mobile device access (iphone, BB, WM, android) and any browser (IE, Safari, Opera, Chrome etc). It is enterprise class but has a very low price point. Sure you can use IISADMPWD but it is only marginally functional- e.g. it will not help with expired, lost or forgotten paswords or locked out accounts. For that you need a more robust solution.
Unfortunately, most purchasable products of this type are not secure for extranet deployment and will have you do things like run the actual self service website process with domain admin privs, and it must be installed on a domain member server. Also there will be flaky features like a central admin (keys to the kingdom) page directly in the self service portal itself, and you'll probably have to run some sort of SQL or MySql database. All make for a very risky system to publish externally, and you do not want to open up a security hole in your extranet. You also want something extremely bulletproof and reliable!
We literallty looked at 20 different solutions and the Password Reset PRO was the only one that passed all tests and criteria - For example, the web based portion resides on a non-domain IIS web server in a DMZ away from the internal domain, has no domain credentials, and you manage it just like any regular IIS website. There is an internal portion that has the credentials and it is installed separately from the web site safe inside the LAN. Very cool. We also like Hitachi's "Hitachi ID" but it was much more expensive and we did not need all of the SSO options for connecting various types of systems. Plus it still required running the self service site process with domain credentials. FOSE is also worth looking at and most EDUs can get it cheap, but the self service portion is not as flexible or feature rich as Reset PRO especially in a "BYOD" environment - which is actually very common these days.
Anyway good luck and hope this helps.
There is also the password utility from wisesoft ( www.wisesoft.co.uk ) and also burconix : http://www.burconix.com/?p=software-...ords-free-tool
previous post here :
Free self-service password resets for students or teachers?
There are other previous posts where some on here have made there own utils however I did find this and there appears to be some others on google code :
pwm - Open Source Password Self Service for LDAP directories - Google Project Hosting
Do you use exchange for your email? The newer OWA supports this afaik.
There are currently 1 users browsing this thread. (0 members and 1 guests)