Immediately after the software is installed, Active Directory Client Extensions is running and visible in the system tray.
The user is notified and requested to change their soon-to-expire domain account password. Default notification occurs 14 days before password expires.
From the system tray menu, users have the option to change their domain account password or view Domain Password Policy. Using ‘My Account’, they can also update their Active Directory domain account information including the thumbNailPhoto attribute that is used by Microsoft Outlook 2010 and other apps.
In this simple to use form, user may change their domain account password. If the option to create a local elevated user account is enabled ( following %username%-la syntax ), the local user account password is also updated.
The form may be modified by displaying custom text and custom button text. The button target may be a website, email address, UNC path to network folder or file or to a binary file ex. for the Cisco VPN Client, specify C:Program FilesCisco SystemsVPN Clientvpngui.exe or appropriate full path to the application file in the ADCE GPO setting.
The form may be modified by displaying custom text and custom button text. The button target may be a website, email address, UNC path to network folder or file or to a binary file ex. for the Cisco VPN Client, specify C:Program FilesCisco SystemsVPN Clientvpngui.exe or appropriate full path to the application file in the ADCE GPO setting.
Domain Password Policy is displayed when the user types new password string that does not conform with the domain password policy. Alternatively, the users may simply click on the ribbon bar to educate themselves about the domain password policy.
Users may update their account information, when the administrator has enabled appropriate settings in ADCE GPO setting and delegated users i.e. the SELF security principal or the AUTHENTICATED USERS security principal *Write* permission to user attributes. By default, users have permission to write Personal Information attributes; for additional attributes, the administrator can run Delegate Control wizard.
Users may be notified when their password or their domain account will expire. The settings can also be applied using GPO ( recommended ).
Designated administrators ( member of specific Active Directory security group ) may decrypt built-in administrator account passwords. Passwords are system generated and updated periodically on all ADCE installed computers. Passwords are maintained in encrypted form in Active Directory. Additionally, a backup administrator account may be created along with a mapped local account for the logged in user’s domain account. The local account mapped to domain user account is used to grant the user elevated privileges.
System Information.
