
4. Enter the new password. For enhanced security, select the User must change password at next logon option. Click OK to reset the user's password.

A user's password can also be easily reset from the command line using the dsmod command with the following syntax:

dsmod user UserDN -pwd NewPassword -mustchpwd {yes|no}

The -mustchpwd modifier denotes whether or not the user will be forced to change their password during the next logon attempt. Figure 1.34 demonstrates using the dsmod command to reset the password of user Roger Smith using the following command:

dsmod user "CN=Roger Smith,CN=Users,DC=corp,DC=mcsaworld,DC=com" -pwd * -mustchpwd yes

Figure 1.34 Resetting the User Account Password from the Command-Line

Again, the password was supplied interactively during the reset procedure. Also, the user will be forced to change their password the next time they log on to the domain. Appendix A has a complete listing and explanation of the available dsmod options.
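The same reset as the dsmod command above, written as an added PowerShell example (not from the book). It assumes the ActiveDirectory module (RSAT) is installed; `Reset-UserPasswordInteractive` is a hypothetical helper name. Like `-pwd *`, it takes the password at a masked prompt rather than as a command-line argument, then confirms that the forced change was recorded.

```powershell
# Added example: PowerShell equivalent of
#   dsmod user <UserDN> -pwd * -mustchpwd yes
# Assumes the ActiveDirectory module (RSAT) and the right to reset the
# target's password. Reset-UserPasswordInteractive is a hypothetical name.
Import-Module ActiveDirectory

function Reset-UserPasswordInteractive {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string] $UserDN
    )

    # Fail early if the DN does not resolve to a user object.
    $user = Get-ADUser -Identity $UserDN -Properties PasswordNeverExpires -ErrorAction Stop

    # "Must change at next logon" cannot be combined with "password never
    # expires"; stop here instead of leaving the account half-configured.
    if ($user.PasswordNeverExpires) {
        throw "$($user.SamAccountName) has 'password never expires' set; clear it first."
    }

    # Masked prompts keep the password out of arguments, scripts and history.
    $new     = Read-Host -AsSecureString -Prompt "New password for $($user.SamAccountName)"
    $confirm = Read-Host -AsSecureString -Prompt 'Confirm new password'
    $a = [System.Net.NetworkCredential]::new('', $new).Password
    $b = [System.Net.NetworkCredential]::new('', $confirm).Password
    if ($a -cne $b) { throw 'Passwords do not match; nothing was changed.' }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Reset password, force change at next logon')) {
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $new -ErrorAction Stop
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop

        # pwdLastSet = 0 is how the directory records the forced change.
        $check = Get-ADUser -Identity $user -Properties pwdLastSet
        if ($check.pwdLastSet -ne 0) {
            throw 'Password was reset, but the forced change was not recorded.'
        }
        "Password reset for $($user.DistinguishedName); change required at next logon."
    }
}

# Usage, with the DN from the dsmod example above:
# Reset-UserPasswordInteractive -UserDN 'CN=Roger Smith,CN=Users,DC=corp,DC=mcsaworld,DC=com'
```

Running the function with `-WhatIf` shows which account would be changed without resetting anything.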

Head of the Class...

Delegating Administrative Authority

Although referenced several times in this chapter, you may be wondering exactly what delegation is when it comes to Active Directory. It works the same way in Active Directory as it does in real life. Say, for example, that you are the department head in a large manufacturing conglomerate. You have thousands of people who work for you and an administrative assistant that helps to keep you on track, making sure that you get the things done that you need to. You might, in many cases, delegate some of your authority to your administrative assistant to allow them to handle some things for you and take some of the burden off your shoulders. This also allows a continuity of operations to a certain degree should you be unavailable for a period of time.

Active Directory works the same way. Users have specific user rights that are assigned to them through their membership in certain groups. Users can have specific explicit user rights configured on their accounts individually. The Delegation of Control Wizard allows you to easily and accurately delegate administrative responsibility to groups and users. For example, it is fairly common for members of the help desk staff to be delegated the ability to reset users' passwords. This saves the higher-level network administrators from being burdened with low-level administrative tasks. This delegation can be easily accomplished in three easy steps: