MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.28k stars 21.47k forks source link

How is the initial password set on newly create Active Directory accounts? How can this information be conveyed to the user. or user's manager, or service desk? #97320

Closed mlibenocg closed 4 months ago

mlibenocg commented 2 years ago

[Enter feedback here]


Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

mlibenocg commented 2 years ago

When a user object is created in Active Directory, it must have a password in order to be enabled. User needs to know this password to log on to Active Directory or Azure Active Directory.

MarileeTurscak-MSFT commented 2 years ago

@mlibenocg Thanks for your feedback! We will investigate and update as appropriate.

mlibenocg commented 2 years ago

Marilee,

I may have found an answer on the corresponding tutorial for Workday. It contains the following:

When processing a new hire from Workday, how does the solution set the password for the new user account in Active Directory? When the on-premises provisioning agent gets a request to create a new AD account, it automatically generates a complex random password designed to meet the password complexity requirements defined by the AD server and sets this on the user object. This password is not logged anywhere. I suspect Success Factors is the same.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial

Regards, Mike Liben

Client Confidential - OCG Internal From: Marilee Turscak - MSFT @.> Sent: Friday, August 19, 2022 12:38 PM To: MicrosoftDocs/azure-docs @.> Cc: Michael Liben @.>; Mention @.> Subject: [EXTERNAL]Re: [MicrosoftDocs/azure-docs] How is the initial password set on newly create Active Directory accounts? How can this information be conveyed to the user. or user's manager, or service desk? (Issue #97320)

[EXTERNAL] Use caution opening attachments, clicking links, or responding.

@mlibenocghttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmlibenocg&data=05%7C01%7Cmichael.liben%40oxfordcomputergroup.com%7Cd6b14f19bcbd433ea05b08da82013e04%7C9505d3230e794ceab1d35475ecc368b6%7C0%7C0%7C637965239117711842%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CaK4L7rQ96YED8%2FQDlsnRq4umfW2UwKc8zOYK%2FpY5hQ%3D&reserved=0 Thanks for your feedback! We will investigate and update as appropriate.

- Reply to this email directly, view it on GitHubhttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F97320%23issuecomment-1220876575&data=05%7C01%7Cmichael.liben%40oxfordcomputergroup.com%7Cd6b14f19bcbd433ea05b08da82013e04%7C9505d3230e794ceab1d35475ecc368b6%7C0%7C0%7C637965239117711842%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FKP80d7P6YcBGLvaGjipkDxUSAxWIH3CMCqoQX1zvEY%3D&reserved=0, or unsubscribehttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAO3KH6VSXC5M2VB5UQFGC5LVZ62AFANCNFSM57AQLJIA&data=05%7C01%7Cmichael.liben%40oxfordcomputergroup.com%7Cd6b14f19bcbd433ea05b08da82013e04%7C9505d3230e794ceab1d35475ecc368b6%7C0%7C0%7C637965239117711842%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=psDW6I5RvGYq1toT9FiG%2BovSK2uzjIvBbV0z%2FZuVYbE%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.**@.>>

DISCLAIMER: The information contained in this message may be confidential and/or subject to legal privilege and is for the use of the intended recipient(s) only. Any unauthorized use, dissemination or copying of the information in this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message.

AjayBathini-MSFT commented 2 years ago

@mlibenocg we reviewed your statement and came to the point

When the on-premises provisioning agent gets a request to create a new AD account, if you go with "Auto-generated password" it automatically generates a complex random password designed to meet the password complexity requirements defined by the AD server and sets this on the user object. This password is not logged anywhere. If you go for option "Let me create the password" then following steps to be followed as mentioned below screenshot while creating the new password.

image image
mlibenocg commented 2 years ago

Thanks for update Ajay. The pop-up containing the password format guidance is obscuring the screen underneath. Am I correct in assuming the initial password set is the same for all users? Is there any provision-current or planned--for establishing the initial password with a formula that can leverage some attributes contained in HR attributes? For example, a common initial password formula may include portions of a person's first or last name and perhaps a portion of their birth date or national identifier.

omondiatieno commented 4 months ago

mlibenocg, we closing this issue and tracking the updates internally. Thank you for contributing to our docs.

please-close