Enabling password management in AD

The goal for SSPR is, usually, to reset the password of users' accounts in Active Directory, but the SSPR feature in MIM is not limited to Active Directory, and can be used to reset passwords in other connect data sources (CDS) as well.

In order for MIM to change the password of a user in AD (or any other CDS), the account used by MIM (svc-adma in our example) needs to have the reset password permission in AD, or a similar permission in another CDS:

In the Management Agent for the target CDS, in this case the AD, we need to check the Enable password management checkbox:
If we then look at the settings, we can make ...

Get Microsoft Identity Manager 2016 Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft Identity Manager 2016 Handbook by David Steadman, Jeff Ingalls

Enabling password management in AD

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly