Jump to content
Matt

Domains and Privilege Accounts

Recommended Posts

Something I noticed this morning.  It would appear that the self service portal doesn't work with 2003 domains.  I have 2008 DC's, but a 2003 functional level.  When I attempt a password reset, it errors

 

An unexpected error has occurred performing a Password reset for UserID 'username'. Error = Update pwd result: UnavailableCriticalExtension for CN=User,OU=Accounts,OU=Sitename,OU=Locations,DC=europe,DC=domain,DC=net The parameter is incorrect (00000057: LdapErr: DSID-0C090B79, comment: Error processing control, data 0, v1db1) [The server does not support the control. The control is critical.]

 

I didn't get a warning when I added the AD domains about LDAPS.  So, is there a way to improve the validation to ensure that when checking for LDAPS, it maybe does an AD check also?

 

Also, why do seprate domain and privileged account configs exist for the reset portal.  Is there not a way to have it use the existing setup for passwordstate?

Share this post


Link to post
Share on other sites

Hi Matt,

 

We've updated our documentation for the next release to say that a 2003 functional level is not supported. We're not really sure how to test if a user has this domain configuration, apart from trying to do a reset and see if it fails or not - which is not ideal.

 

The reason we have separated the domains and Privileged Accounts, is because some customers want to use Passwordstate for both Privileged Account Management, and the reset portal - and they may not want certain domains or privileged accounts showing up on either screens.

Regards

Click Studios

Share this post


Link to post
Share on other sites
On 07/07/2017 at 8:52 AM, support said:

We're not really sure how to test if a user has this domain configuration

Get-ADDomain will tell you the functional level of the domain.

It would work as a solution in Matts case. Obviously it wouldn't work if the DCs are Server 2003 though.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×