I have been having the same discussion with them for weeks!
I cannot believe we are the 1st ones to bring this up! HOW/WHY would you default to the domain email address, when that's the account that is LOCKED/ or Forgotten Password????
↧
Re : Password Reset Options: Disable Domain Email as the primary reset option
↧
Re : deleting an enrolled user
Yes, login to the admin console and click on the Reports tab and then click on Enrolled Users Report then search for the enrolled user and click on the red X to Disenroll
↧
↧
Re : Multiple ManageEngine software on the same server
Hi Marcelo,
This may be due to the insufficient permission for the service account or the logged in user, over the installation directory. Please ensure that the service account which runs ADSelfService Plus service has full permission on the "C:\ManageEngine\ADSelfService Plus" folder then starts ADSelfService Plus.
↧
Re : Can you edit the Enrollment Pop up ?
Hi,
You can modify the text as per your requirement by following the below steps.
1) Stop ManageEngine ADSelfService Plus service.
2) Take a backup copy of "ApplicationResources_en_US.properties" file located at
"C:\\ManageEngine\\ADSelfService Plus\\resources\\adssp" folder to a different location.
"C:\\ManageEngine\\ADSelfService Plus\\resources\\adssp" folder to a different location.
3) You could search for the text and remove it from the "ApplicationResources_en_US.properties" file.
4) Start ManageEngine ADSelfService Plus service.
Regards,
↧
Re : Verification Code Length
Hi Javeed,
I am afraid to say that the requested feature is not supported by ADSelfService Plus at present, will update you when it is available.
↧
↧
Re : Exculde users who's account has expired because of end of date
Hi Matti,
The requested feature is already available with ADSelfService Plus. Please follow the steps below to restrict account expired users,
* Login as 'admin' to ADSelfService Plus.
* Navigate to 'Admin' tab --> License Management --> Restrict Users --> click 'Restrict Users' button to select the 'Account Type' as Account Expired and manually restrict the users.
or
* Click on the 'Schedule to Restrict' button to do it automatically.
↧
Re : ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hi Roger,
This could be due to private key on the new cert is not matching with the existing selfservice.keystore file in ADSelfService Plus. You need to regenerate a new CSR through ADSelfService Plus which also generate a new SelfService.keystore file then use the CSR to get the SSL cert rekeyed from your certificate authority to get the SSL certs and import that to the SelfService.keystore.
↧
Capture email address in conversation
Hi
Is it possible to edit the conversation view to display the From Address of the person as well as their name.
And would it be possible to have variables for any CC addressee information included in the ticket to allow these to be added to ticket notifications.
↧
Re : Exculde users who's account has expired because of end of date
Ok. Thanks.
Does it also disable password notification email for those user accounts?
↧
↧
Re : Can you edit the Enrollment Pop up ?
Thank You
↧
Password Reset allows users to use previous password
Seeing how Password Reset is an admin function of AD(which requires no knowledge of the users old password), and change password requires the end user to know their password before they can change it, we noticed that users are able to click the "reset password" link on Self Service Plus and simply re-use a previous password.
Setting a minimum age in group policy does nothing, as most users are smart enough to just reset it (rather than change it) just before it expires, so its already past the minimum age, and the maximum age timer gets reset as well.
How are other folks getting around this?
↧
Connection problem with GINA link
Hello
We have moved our ADSelfServices Plus from one server to another server. The Last server has 3 IP addresses and the new URL of the ADSSP console is https://password.mydomain.com (we changed the port from 9251 to the default port 443)
So the console works fine, but the GINA link try to connect to http://password.mydomain.com:8888 The DNS record point to one of the 3 IPs and the good one.
Everything works fine, only GINA displays an error when trying to connect to http://password.mydomain.com:8888 as you can see below
NB: on the new server we have installed the ADSSP from scratch and copied this folder \ADSelfService Plus\resources\adssp to the new server in the same place
↧
Forcing ADSSP to get Display Name instead of Full Name when end user try to selfupdate attributes
Hi All,
I'm working with ADSSP and I have a Challenge. In fact, In Active Directory logon name and full name are set as numbers and this cause a problem when an end user try to update his "Manager Attribute" he can't Know what to choose since he doesn't know his managers' ID, it will be great if the name is displayed. So, is it possible to force ADSSP to get the Display Name instead of Full name?
Regards Rochdi
I'm working with ADSSP and I have a Challenge. In fact, In Active Directory logon name and full name are set as numbers and this cause a problem when an end user try to update his "Manager Attribute" he can't Know what to choose since he doesn't know his managers' ID, it will be great if the name is displayed. So, is it possible to force ADSSP to get the Display Name instead of Full name?
Regards Rochdi
↧
↧
Admanager plus
We use admanager and admanager plus. I have a user that was in the self service password reset but we deleted her so she could remake her account. Usually what happens is they log back into the self service portal and they can create their credentials again so they can use it.. this time instead they are getting "they have been restricted" and are no longer listed as an enrolled user and no longer showing as un-enrolled simply just gone. They are still active in AD manager and we have re-synced self service password reset and still this user will not show back up in there.
↧
Did you know - How to apply a wildcard SSL certificate in ADSelfService Plus?
Gone are the days when you have to purchase a separate SSL certificate for each subdomain. With Wildcard SSL, you can secure your primary domain and all subdomains with just a single certificate.
This week let me take you through the steps to apply a wildcard SSL certificate (PFX certificate) in ADSelfService Plus.
Step 1: Enable SSL in ADSelfService Plus
- Log in to ADSelfService Plus with admin credentials.
- Navigate to Admin tab -> Product Settings -> Connection.[Refer Image]
- Select Enable SSL Port [HTTPS] checkbox.
- Enter 9251 as the port number.
- Select Encrypt Keystore Password checkbox.
- Enter your Keystore password.
- Click Save and restart ADSelfService Plus.
Step 2: Bind the certificate with ADSelfService Plus
- Export and place your PFX/PKCS 12 certificate file at <Install Directory>\conf (By default: C:\ManageEngine\ADSelfService Plus\conf) folder.
- Open the server.xml file present at the same location.
- Navigate to the end of the XML file and replace the values of the following SSL connector tag:
- "keystoreFile" with "./conf/YOUR_CERT_FILE.pfx"
- "keystoreType" with "PKCS12”
Eg: <Connector SSLEnabled="true" acceptcount="100" clientauth="false" connectiontimeout="20000" debug="0" disableuploadtimeout="true" enablelookups="false" keystoreFile="./conf/YOUR_CERT_FILE.pfx" keystorepass="${adssp.keysorePass}" keystoreType="PKCS12" maxsparethreads="75" maxthreads="150" minsparethreads="25" name="SSL" port="9251" scheme="https" secure="true" sslprotocol="TLS" sslprotocols="TLSv1,TLSv1.1,TLSv1.2"/>
- Restart ADSelfService Plus and check if the certificate is installed correctly.
- Note: Since the keystore password is encrypted, the value of keystorePass property in server.xml file will be assigned as ${adssp.keysorePass}.
↧
Re : Connection problem with GINA link
Have you tried reinstalling GINA (not uninstalling and reinstalling).
↧
Email push formatting, or lack there of.
I just recently did an email push for enrollment. There were no HTML controls in the box so I formatted it as best I could in plain text, when it went out, it looked so bad most of my employees either ignored it or actually called me thinking we got hacked and that it was a virus.
Can the emails be configured with HTML to look better and perhaps match our internal memo emails? I am sorry if it is obvious, but I am unable to find anything.
Thank you,
Jim
↧
↧
[Free Seminar] ManageEngine's Global Active Directory Seminar, UK 2017
ManageEngine is back with some great news. Derek Melber, ActiveDirectory MVP, sets
foot in London & Scotland for the Global Active Directory Seminar on Next-gen security hardening of
Windows Active Directory
When? Feb 28th @ Scotland &
Mar 02nd @london
Know the latest trends and techniques by configuring and monitoring critical AD #security
settings and getting instant notifications for security alerts. You can also discuss your Active
Directory queries with the Active Directory expert himself.
↧
Windows 10 Gina Not Working
Hello,
We are installing the GINA manually on Windows 10 computers and the "Reset/Unlock" button never appears at the login screen. We are at loss for what may cause this.
Thanks for any help!
↧
Re : Exculde users who's account has expired because of end of date
Hi Matti,
Yes, it will also disable all types of notifications from the application to those user accounts.
↧