If the user AD authenticates there is no Orion password to change. For those who don't AD authenticate you should make Orion accounts for them.
I see what you are looking for now - I'll check into it.
Right, but you are missing my point.
I have a large number of external users who log into SolarWinds. In order to avoid managing dozens of different accounts with various needs (some get NCM, some don't. Some have one toolbar, others have a different one, etc) I've created AD users instead, and added them to various AD groups. Then I add the AD group into SolarWinds, making that side of the management equation much easier to handle.
My challenge is that these users - who will NEVER log into AD - can't change their password.
And of course, I don't want to create Orion user accounts for them because it would mean changing each user account when I needed to update a view, toolbar, etc.
Does that make better sense?
I see you updated your response. I eagerly await your reply!
I found that the only place that ability exists is in the Setting area. I'll mark this for a PM to see for a possible feature.
That is something we will have to consider for a future release. Most users who are using AD, their users are logging into Windows for example and use the native facilities there to change their passwords.
Also you can set the password in AD to never expires and create one for them and send to them, just a thought.
Why are you using AD for those users if they don't use AD except for Orion?
Is it because of the grouping making the configurations of Orion simpler? If so, maybe some internal Orion user groups would be better, but I don't think Orion has that (at least not now).
I see the AD auth piece just a way to off load password management to AD, but if those uses don't touch AD, then keep the password managment in Orion.
What do you think?
The problem with setting passwords to "never expire" is that we'd fail any security audit which is a deal breaker for many of our customers, not to mention our own internal standards.
After a bit of investigation, I came up with 4 possible solutions (at least until SolarWinds solves it internally):
- Implement IISADMINPWD. Since we run Win 2008 R2, it would mean pulling the files from a 2003 installation (64bit, no less) and kludging merrily along. It works (as indicated by many on the internet) but just seems like an inelegant solution. Plus, I don't have a 2003 64bit server to pull from, so it was a hassle.
- Implement one person's home-grown HttpMethod replacement for IISADMINPWD (http://iisadmpwdhttpmodule.codeplex.com/). I'm sure he's a nice guy, but installing one person's custom-compiled code just seemed like the wrong way to go.
- NetWrix (www.netwrix.com) has already done the job for me. They've got a single MSI installer that works on anything from WinXP on up (yes, up to 2008 R2). I couldn't install the "ChangePassword" directory *into* the NPM website, but I didn't have to, either. I just created another site and installed it there. Now I can add a toolbar menu to all my external users which redirects to the other site.
Admittedly, I'm still testing it out and shaking out the bugs, but this seems like the easiest way to go. Cheapest too. It's free for under 300 users. The licensed version starts at about $500.
Anyone who wants additional details should shoot me a PM.
Good feedback about our product, thanks! I know it's an old post, but I wonder if it finally worked for you after testing.
Yep, we got it working and - while it required us to modify the login page to let users know where to click to change their password - it was sufficient to our needs.