Reset an expired password or a temporary password from an external web portal with FIM 2010 R2?

Hello,

I would like to know if it's still impossible to reset an expired password or a temporary password from an external web portal with FIM 2010 R2. I read in this thread that it was still impossible in FIM 2010, so I wanted to know if R2 changed this behavior.

http://social.technet.microsoft.com/Forums/en-US/c5bd39b6-5bbe-4ca7-8036-634cedf042f9/will-fim-2010-allow-users-to-reset-expired-passwords-from-an-external-portal-website

We are considering FIM so that both our internal users and our external users and partners can reset their password from any computer anywhere, either domain joined computers, or not.

Thank you very much and have a nice day,

September 30th, 2013 6:56pm

Hello,

Password Reset (Self Service) for external users (non-domain-joined computers) has been supported since R2 via the new Password Reset Portal.

See also What's New in FIM 2010 R2 and the SSPR Deployment Guide.

On installation you can choose whether you want only internal or also external access to the Password Reset Portal. Also, 2 new reset gates are implemented in addition to Q&R, that is, the email and SMS gates.

Regards
Peter

September 30th, 2013 7:10pm

Hello Mr. Stapf,

I know about the SSPR functionality of FIM 2010 with non-domain-joined computers, but I'm specifically asking about using an external web portal in combination with an expired password which is past its due date and/or a temporary password with the "user must change password at next logon" checkbox enabled.

As I have read in several places, it seems like it still doesn't work for those specific instances.

Thank you very much and have a nice day,

Konnan

September 30th, 2013 8:13pm

It should work.

Can you point me to the online references you had, in case I am missing something obvious?

September 30th, 2013 10:41pm

Many systems, when the password has expired and must be changed, do not allow you to log on and do not give you the option to change the password.

For that to be possible, the system in question must accept authentication based upon the known expired password AND at the same time force you to change the password. Another way is to use ANOTHER form of authentication to reset the AD password. SSPR in FIM allows you to authenticate using Q&A, and/or a security code in e-mail and/or a security code in SMS.

>>>>>from an external web portal with FIM 2010 R2

So you want to do this through an external web portal, but why the interaction with FIM?

I'm missing that part.

October 1st, 2013 10:40am

First, I want to thank everyone for their replies so far, much appreciated.

Hello Mr. Ho,

Well, I read even more on this subject lately. I guess I was too quick on the trigger or wasn't precise enough in what I was asking.

From what I understand since I read more on this subject, FIM will allow you to reset your temporary or expired password if you are already enrolled. Am I on the right track?

On the other hand, I heard that you can't reset your expired or temporary password if you aren't enrolled yet. That's fine by me, that's expected.

But I also heard that you cannot enroll if you have a temporary or expired password. Is it true?

Here's an online "reference", but I'm not sure it's a good reference; it could be marketing speak from that specific software company, too: http://www.networksteve.com/windows/topic.php/self_service_password_reset_questions/?TopicId=58854&Posts=1

Thank you very much and have a nice day,

Konnan

October 2nd, 2013 4:51pm

Hello Mr. de Almeida Pinto,

I guess I didn't write it correctly, I'm really sorry for that. I meant I want to do this through a web portal sitting on the DMZ or Extranet (that's what I meant by "external" web portal, sorry), directly accessible from the Internet. As far as I know, I can do that with the SSPR portal with FIM 2010 R2, right?

So that our external partners or customers who receive a temporary password can directly enroll and reset their password from their own computer at home or at their office, which are not domain joined.

Also, assuming those external partners do not enroll ASAP (it happens), they may end up with an expired password, which could also still be temporary.

I wonder if they could enroll with FIM if their password is expired, temporary, or both.

You can also see my reply above. I now understand since reading more on this topic that if they are enrolled, they can reset their password if it's expired, temporary, or both. Am I right?

Thank you very much and have a nice day,

October 2nd, 2013 5:01pm

Hello Mr. Adare,

Thank you very much for this detailed post.

Would being enrolled or not change anything in your answer about resetting an expired password? I mean, can you enroll if your password is expired, or would enrollment fail due to the password being expired?

Thanks again and have a nice day!

Konnan

October 3rd, 2013 12:06am

Hello Mr. Adare,

Thank you very much for this detailed post.

Is being enrolled or not would change anything to your answer about resetting an expired password ? I mean, can you enroll if your password is expired or enrollment would fail due to the password being expired ?

Thanks again and have a nice day !

Free Windows Admin Tool Kit Click here and download it now
October 3rd, 2013 12:19am

Hello again Mr. Adare,

Well, you know your username and you know your expired password; that could be the validation method to allow you to enter the SSPR portal, then you can enroll, and reset your password after.

But I agree that there could be a security risk with it...

Thank you very much for the quick reply!

Konnan

October 3rd, 2013 2:07am

Hello again Mr. Adare,

Wondering if you are still around :-)

Do you know if it stays the same with Microsoft Identity Manager 2016?

Thanks!

Konnan

September 14th, 2015 5:00pm

This topic is archived. No further replies will be accepted.
