It’s always a pain; you’ve been away on vacation and vaguely remember your Active Directory password. You try $p!d3rm@N, then $pId3rM@n, then $P1derMAN, and then you remember, of course, it’s $0oP3rmAn. But by then it’s too late. Your Active Directory account is locked (l0ck3d).
In the old days, you would grab the sports section and go read about the World Series Champion San Francisco Giants for 20 minutes, parrying questions about your laziness with barbs at the Active Directory domain password policy.
But is that how an enlightened IT department should run a business? Sure, this Active Directory lockout policy does wonders against brute force hacking, but it also does wonders against workforce productivity.
Why not enable your AD password reset solution to also unlock Active Directory accounts? Your locked out user authenticates themselves with their secret questions and the software unlocks their account. You might even consider having them change their password to something they might remember at the same time.
So, the user gets rid of the frustration of being locked out, the company’s productivity gets 20 minutes back, and you avoid a help desk call. There is absolutely no downside to this scenario.
And, once that user is logged in, they can browse over to sfgate.com to read more about how those Giants are doing (just to end the blog post with something ironic, real users don’t do that).
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.