Change password from username/password credential entry

There is a chance this will turn out to be a 'too big' feature, but it would be ideal if we could reset the passwords for Username/Password credential entries (AD - Active Directory accounts only, not others).
Either from the dialog of the credential entry, or from the dialog that starts with the button: 'Generate password'.
In the latter case, we'd 'Edit' a username/password entry, click on the 'Generate password' button, have the dialog generate a password, and below the current button 'Copy to Clipboard' would be a button: 'Change in AD' ;-)
I'm aware this may only work for Active Directory accounts, and those domains should be 'reachable', but because RDM is becoming more and more a management tool, it would really be great.

At that time, the 'current/old' password in AD should match the current password in RDM, so RDM should be able to 'generate a new' password and change it in AD.
(Note: the difference between 'change' and 'reset' password is: with 'change' you must know the old password; with 'reset' you force a new password without knowing the old password. The 'reset' would require more privileges, and is out of scope for my request.)

PS Small enhancement: the button in the above dialog, 'Copy to Clipboard', is always active, even when no new password is generated or selected. This button and the new one should only be 'Enabled' when a new password is selected in the box at the left.

Thanks for a further, great tool!
Ben van Zanten

All Comments (2)

Hello,
It looks like an interesting idea. Do you see a configuration in the entry to specify that it can support the AD Change password propagation and some type of AD configuration to execute it?

Regards

PS: I will fix the issue with the Copy to Clipboard

David Hervieux

It is currently not visible from any property on the user/password credential entry that it is regarding an AD username/password.
It could be a username/password combination for any type of credential, like AD, Windows server, Unix server, websites, Devolutions Forum, Google, Facebook etc. The fact that the UPN is filled may give a good clue, but in theory the users can use the UPN box to store alternative notations for the username without necessarily making it an AD credential. (PS I like that new UPN feature a lot).
In theory you could add a new property to indicate the type of username/password; or: in Advanced - Asset there is also a 'domain' text box; use that as an indicator it is AD related.
But maybe you don't even need to know it is an AD account, if the user presses the future 'change' button, the code could just 'try' to contact the AD, and fail if it doesn't work.
That would be good enough for me (although maybe not for others)

For the second half of your question (some type of AD configuration to execute it): I don't think any more configuration will be needed. This credential entry already has a 'domain' box in its primary interface (and/or alternatively use the 'Domain from asset'), and RDM can just send a 'change' password request for the corresponding username to the domain, adding the 'old' password and the new password. For example, "c# - How to programmatically change Active Directory password - Stack Overflow" shows some example code.

However, I'm aware that if you provide such a feature, and it works for AD accounts, and someone else fills in his/her Facebook, Google, Email or other account, you may start to expect feature requests to be able to update them as well. That's what I meant with the possibility this item may become too big. I'm personally most interested in the AD part, although that might work for Windows AD member servers as well.

Regards, Ben van Zanten
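
The 'change' (as opposed to 'reset') request discussed in this thread, sketched in C# with .NET's System.DirectoryServices.AccountManagement. This is an added example, not RDM code and not the Stack Overflow code referenced above; the class and method names are hypothetical, and it assumes the domain is reachable from the machine running it.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Added illustration: AdPasswordChanger and TryChange are hypothetical names.
public static class AdPasswordChanger
{
    // Returns null on success, otherwise a message describing why the change failed.
    public static string TryChange(string domain, string userName,
                                   string oldPassword, string newPassword)
    {
        try
        {
            // Bind as the account itself, using the password currently stored
            // in the credential entry. No privileged service account is involved.
            using (var context = new PrincipalContext(
                       ContextType.Domain, domain, userName, oldPassword))
            using (var user = UserPrincipal.FindByIdentity(
                       context, IdentityType.SamAccountName, userName))
            {
                if (user == null)
                    return "Account not found in domain " + domain;

                // 'Change': the old password must be supplied and the domain's
                // password policy (length, complexity, history, minimum age) applies.
                user.ChangePassword(oldPassword, newPassword);

                // 'Reset' would be user.SetPassword(newPassword): no old password,
                // but the caller needs reset rights on the account. Deliberately
                // not used here, matching the scope of the request.
                return null;
            }
        }
        catch (PasswordException ex)
        {
            // The directory rejected the change, for example because the new
            // password does not satisfy domain policy.
            return "Password change rejected: " + ex.Message;
        }
        catch (PrincipalServerDownException ex)
        {
            // The 'just try and fail' case: no domain controller could be contacted.
            return "Domain not reachable: " + ex.Message;
        }
    }
}
```

The stored entry should only be overwritten with the new password after this call reports success; otherwise the entry and the directory drift apart and the next 'change' attempt fails because the old password no longer matches.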