locked
MIM SSPR Account Unlock RRS feed

  • Question

  • Hi,

    Looking at the MIM SSPR account unlock screen:

    Can this screen be customised? For example, we dont want this option to be available: "Keep your current password and unlock your account"

    So in AD, when your account is locked, you cant log in...so how does this setting actually work?

    "Keep your current password and unlock your account"

    How is MIM able to pass an AD password to unlock the AD account?

    Thanks,

    SK

    Tuesday, October 18, 2016 2:38 AM

All replies

  • The first option is the equivalent of ticking "Unlock account" on a user's account tab in ADUC without resetting their password.

    The second option is the equivalent of clicking "Reset Password" on a user and ticking "Unlock the User's account" on the reset password prompt.

    The act of unlocking is performed by your AD MA service account and the user is required to authenticate against your gate configuration so password is not required. 

    I don't think this can be customised... certainly on the web portal reset pages you can perform an unsupported change to hide the <div> the radio buttons reside in, however I don't know of a way to hide/remove it from the client.

    Tuesday, October 18, 2016 12:25 PM
  • Hi,

    Thank you for that clarification.

    It is a bit odd that Microsoft would assume EVERYONE wants the "Account Unlock" option...there should be an easy way to disable this radio button.

    Perhaps someone from the Microsoft MIM Product Team can comment?

    Thank you,

    SK

    Tuesday, October 18, 2016 7:48 PM
  • Agreed, it'd be good to hear some input on this...

    I don't have a lab I can test with at the moment but I wonder how the "Unlock locked accounts when resetting passwords" option in the ADMA password management settings changes the behaviour or functionality of all this.

    Tuesday, October 18, 2016 8:10 PM