Difference between revisions of "Managing Active Directory Credentials"
Diego Lopes (talk | contribs) (Created page with "To proceed with the steps below, it is necessary: 1. to have a management account with user password change permissions, this account is used by onepoint to manage and change...") |
Diego Lopes (talk | contribs) |
||
| Line 21: | Line 21: | ||
5- Save Asset. | 5- Save Asset. | ||
| + | |||
6- Go to '''Development''' > '''Development Studio'''. | 6- Go to '''Development''' > '''Development Studio'''. | ||
[[File:Asset3.png]] | [[File:Asset3.png]] | ||
| + | |||
| Line 32: | Line 34: | ||
*'''Click Open Script'''. | *'''Click Open Script'''. | ||
| + | |||
| + | |||
8- Change adminaccount and place a management user with password change permissions. | 8- Change adminaccount and place a management user with password change permissions. | ||
| Line 38: | Line 42: | ||
*After making the necessary change, save the script. | *After making the necessary change, save the script. | ||
| + | |||
| Line 53: | Line 58: | ||
*After making the necessary change, save the script. | *After making the necessary change, save the script. | ||
| + | |||
| Line 62: | Line 68: | ||
*'''Click YES, Go Discover!''' | *'''Click YES, Go Discover!''' | ||
| + | |||
12- In Onepoint, Go to '''Task Evolution > Task Logs''' , make sure have completed the credential discovery service. | 12- In Onepoint, Go to '''Task Evolution > Task Logs''' , make sure have completed the credential discovery service. | ||
[[File:Asset10.png]] | [[File:Asset10.png]] | ||
| + | |||
| + | |||
| + | |||
| + | 13-In Onepoint, go to '''Vault > Managed Credentials''', it is already possible to view user accounts for your domain. | ||
| + | |||
| + | [[file:asset11.png]] | ||
| + | |||
| + | |||
| + | 14- In Onepoint, go to '''Vault > Delegate Credentials''',add the management account with password change permissions, below follow the steps that must be performed. | ||
| + | |||
| + | *Click '''New'''. | ||
| + | *Credential Type select '''Active Directory''' | ||
| + | *Server Name put your domain. | ||
| + | *Credential Name place the management account. | ||
| + | *Click '''Confirm''' | ||
| + | |||
| + | [[File:Asset12.png]] | ||
| + | |||
| + | |||
| + | '''NOTE:The information above is demontrative, the filling has to be done according to the information of your domain'''. | ||
| + | |||
| + | |||
| + | * After performing the step above, click on the password field. | ||
| + | |||
| + | [[File:Asset13.png]] | ||
| + | |||
| + | *Uncheck '''Randomize Password and Change the password on the target''', add the management account password, click Confirm. | ||
| + | |||
| + | |||
| + | 15- In Onepoint, go to '''Vault > Managed Credentials''', choose an account for the password to be enveloped, in the right corner of the screen there is a down arrow click on the option '''Change password'''. | ||
| + | |||
| + | |||
| + | [[File:Asset14.png]] | ||
| + | |||
| + | [[File:Asset15.png]] | ||
| + | |||
| + | *'''Click Confirm''' | ||
| + | |||
| + | |||
| + | 16- In Onepoint, Go to '''Task Evolution > Task Logs''' , make sure have completed the change password. | ||
| + | |||
| + | |||
| + | [[File:Asset16.png]] | ||
| + | |||
| + | |||
| + | 17- | ||
Revision as of 12:19, 5 May 2020
To proceed with the steps below, it is necessary:
1. to have a management account with user password change permissions, this account is used by onepoint to manage and change the password of the DC accounts.
2. Onepoint server shall be able to resolve FQDN of the domain.
Steps
1- In Onepoint, go to Settings > Asset.
2- Click New.
3- Select type Active Directory.
4- Fill in the fields with your Domain information.
5- Save Asset.
6- Go to Development > Development Studio.
7- Click Open Script in Development Studio, select script name: ad-account-discovery.
- Click Open Script.
8- Change adminaccount and place a management user with password change permissions.
- After making the necessary change, save the script.
9 - Click Open Script in Development Studio, select script name: ad-change-password.
- Click Open Script.
10- Change adminaccount and place a management user with password change permissions.
- After making the necessary change, save the script.
11- In Onepoint, go to Settings > Asset, in the right corner of the screen there is a down arrow, click on it and choose option credential discovery.
- Click YES, Go Discover!
12- In Onepoint, Go to Task Evolution > Task Logs , make sure have completed the credential discovery service.
13-In Onepoint, go to Vault > Managed Credentials, it is already possible to view user accounts for your domain.
14- In Onepoint, go to Vault > Delegate Credentials,add the management account with password change permissions, below follow the steps that must be performed.
- Click New.
- Credential Type select Active Directory
- Server Name put your domain.
- Credential Name place the management account.
- Click Confirm
NOTE:The information above is demontrative, the filling has to be done according to the information of your domain.
- After performing the step above, click on the password field.
- Uncheck Randomize Password and Change the password on the target, add the management account password, click Confirm.
15- In Onepoint, go to Vault > Managed Credentials, choose an account for the password to be enveloped, in the right corner of the screen there is a down arrow click on the option Change password.
- Click Confirm
16- In Onepoint, Go to Task Evolution > Task Logs , make sure have completed the change password.
17-
