Password resets and unlocking user accounts consume as much 30% of some organization’s Help Desk resources. Directory Password is an extra-cost add-on product for Directory Update v2.0 The user uses Directory Update to answer a series of security questions; the questions and answers are stored (encrypted and hashed) in the Active Directory.
Directory Password is designed to be an add-on product for Directory Update and thus requires the newest build of Directory Update v2.1 or later. Directory Password is configurable and allows you to customize it to fit your password and security requirements
Directory Password does not require a separate database instance. Instead, we store question and answer data in each user’s object in Active Directory. The questions that the user selects and the answers provided are stored in the PostalAddress. Questions are encrypted and the answers are hashed using an irreversible hash.
We use homePostalAddress to store incorrect logon count information. Both of these attributes are not frequently used in Active Directory and hold 4KB worth of information. The attributes that are used can be changed using the AppSettings.XML file. The Question and Answer data is not visible to the administrator.
Windows Server 2016 compatibility
Directory Update v3.0 compatibility. Directory Update is also now the master location for the PasswordSettings.XML file for Directory Password.
Miscellaneous bug fixes, browser compatibility fixes, and improved error detection.
Updated the code using the Bootstrap APIs to allow the screen to better display on a mobile interface.
Directory Update v2.7 or later should be used with this version.
A few fixes to the interface and improved password rule mapping and management.
Updated code so that it can evaluation a "Microsoft" strong password. A Microsoft strong password is at least 8 characters long and uses 3 out of 4 character types (special, number, upper case, and/or lower case.)
Created a forbidden string list. These strings cannot be found anywhere in the user's password.
Created an option so that user's user name is not allowed to be part of the password.
Installer will work now on Windows Server 2012 / 2012 R2 and software supports underlying .NET Framework v4.0.
Software requires a minimum of Directory Update v2.5.
Original version of Directory Password
Integrates with Directory Update v2.0/v2.1
Last Review: 3 Dec 2016