Managing Windows Member Server Credentials

From Onepoint Systems Integration
Jump to: navigation, search

To proceed with the steps below, it is necessary:

To have a management account with user password change permissions, this account is used by onepoint to manage and change the password of the DC accounts.

Domain must be already on onepoint (Managing Active Directory Credentials)


Steps

1- In Onepoint, go to Settings > Asset.

2- Click New.

3- Select type. Windows

4- Fill in the fields with your Domain information. Name - IPV4 - Domain


Wincred1.png

Wincred2.png

 NOTE:The information above is demontrative, the filling has to be done according to the information of your domain. 


5- Click Save Asset

6- In Onepoint, go to Vault > Delegate Credentials, add the management account with password change permissions, below follow the steps that must be performed.

  • Click New.
  • Credential Type select Active Directory
  • Server Name put your domain.
  • Credential Name place the management account.
  • Click Confirm

Asset12.png


 NOTE:The information above is demontrative, the filling has to be done according to the information of your domain.


  • After performing the step above, click on the password field.

Asset13.png


  • Uncheck Randomize Password, add the management account password, click Confirm


7- Go to Development > Development Studio.

Asset3.png


8- Click Open Script in Development Studio, select script name: windows-account-discovery.

Wincred4.png

  • Click Open Script.

9- Change adminaccount and place a management user with password change permissions.

Windcred5.png

  • After making the necessary change, save the script.
 Note: The same management account must be used in the next step.


10- Click Open Script in Development Studio, select script name: windows-change-password

Wincred6.png

  • Click Open Script.


11- Change adminaccount and place a management user with password change permissions.

Wincred7.png

  • After making the necessary change, save the script.


12- In Onepoint, go to Settings>Asset, in the right corner of the screen there is a down arrow, click on it and choose option credential discovery.

Wincred8.png

Wincred9.png

  • Click YES, Go Discover.


13- In Onepoint, Go to Task Evolution > Task Logs, make sure have completed the credential discovery service.

Wincred10.png


14- In Onepoint, go to Vault > Managed Credentials, it is already possible to view user accounts for your domain.

Wincred11.png


15- In Onepoint, go to Vault > Managed Credentials, choose an account for the password to be enveloped, in the right corner of the screen there is a down arrow click on the option Change password.

Wincred12.png

Wincred13.png


  • Click Confirm.


16- In Onepoint, Go to Task Evolution > Task Logs, make sure have completed the change password.

Wincred14.png


17-In Onepoint, go to Vault > Managed Credentials, you will see that the account you chose to be enveloped will have a yellow stripe in the password field, below we will show how you request this password.


Wincred15.png


  • Click on the yellow field to request the password.


Wincred16.png


  • In the Expiration field, you determine how long the password is available, in the Comment field, make a comment for using the password and click Confirm.


Wincred17.png


  • Note that in the password field it turned blue, it means that the password is available and ready to use, to copy the password, just click on the password field.


18- In Onepoint, Go to Task Evolution > Task Logs ,you can verify that you have created a task in the future that will be automatically executed for returning and changing password.


Wincred18.png


19- If you wish to return the password before te specified duration, just follow the steps below.

  • In Onepoint, go to Vault > Managed Credentials
  • Click on the down arrow where the account you requested the password is and click on the option Check-in Password.


Wincred19.png


  • In Onepoint, Go to Task Evolution > Task Logs, you can verify that the task that was scheduled for the future was performed at the time you checked in the password manually.


Wincred20.png