Lepide Active Directory Self service is a unique password self service solution. Unique because it’s unlike any other self service solutions. Password self service is usually difficult to implement or at least requires a lot of company resources. Consultants love selling security solutions as they can charge hefty prices for implementation.
Lepide Active Directory Self Service is unlike any other solutions. Installation is simple, it only takes about 5 minute to complete and you can log in to admin console immediately.
Lepide Active Directory Self Service review
Installation requires couple of confirmation clicks and that’s it.
Lepide Active Directory Self Service is a web application. You can choose http or https protocol. First time you log in, you use default username admin and password admin to log in. First thing that I noticed were only 5 tabs: Manage Domain, Dashboard, Configuration Report and Support. In order to deploy Active Directory Self Service you have to configure policy for domain. Domain policy controls which features are enabled and which settings you would like to apply to your users. Users can Reset domain Password, Unlock their AD Account, Update AD Attributes, Reset password on behalf of other users and Unlock account on behalf of other users. If needed you can enabled Automatic unlock for locked users.
As an added value you can also enable Password Expiry Notification – feature that is being sold separately with other vendors. Notification reminds users to change their passwords. Usually when users receive email notification that their password will expire, they will change password, usually the last day. Some users ignore those notifications, until it’s too late. But most users will change their passwords. I noticed the same effect when we implemented password expiry notification.
Another great feature is Self Update Attributes. You can allow users to update all or some attributes in Active Directory. This is really useful as you can relive your help desk of tasks that users can do by them self. You may not allow your users to change their names as this could be exploited, but you can allow your users to change their home phone number, internal number, mobile phone or address of their office. You can expect decrease of emails coming from HR department if this feature is implemented.
Self Unlock and Self Change Password policy
You can decide how many questions users have to answer before they can unlock or change password of their account. You can set minimum number of questions and number of characters in questions and answers. This is good for increased security. You can also define required number of User defined questions, questions that only users know the answer to. You can use questions that are in the template or you can set up your own.
Once your domain policy is set, you can send email notification to your users.
Via policy you can define which OU will receive email notification, Schedule of notification (Daily, Weekly, Monthly) and message which you can adjust based on the recipient group. You can use AD fields like %UserName% which will be populated with Users username, so that email get more personal. Part of the message is also link to portal where users can enroll for the Active Directory Self Service.
Once you configure and implement domain policy, you can monitor activity in the dashboard. Dashboard has the most important data available in the easy to understand view. You will see status of Active Directory accounts, Enrollment status, Audit data and 7 day Audit data.
Reports tab opens reporting window. There you will see the following tabs. General reports where you can run reports for Locked out users, Soon to expire users and expired users. Audit reports where you can run reports on Self update, Reset password, Unlocked account and Changed password. Enrollment reports can report on enrolled and un-enrolled users. This is useful when you sent out the policy and would like to keep track of enrollment. You can then remind users to enroll. Schedule Reports can be used to schedule email delivery of required reports to the inbox you want. For example, you can include department managers who then monitor the progress of their team.
Lepide Active directory Self Service User Interaction
You can deploy Lepide Active directory Self Service to your users via email or via web link you place on the company intranet. When users open portal, they can register to Self Service for Active Directory. If they are already registered they can Unlock their AD Account or they can Reset Active Directory Password.
When users log in for enrollment, they receive notification that they have to enroll first.
Depending on your policy users have to define answers to the questions. Once they complete this step, they are enrolled and they can use Lepide Active Directory Self Service.
One feature that is really important and is my favorite is ability to authorize Co-workers to unlock their account. Really useful when people are working from home. Instead of calling help desk they can call their friends who can unlock them. Without IT intervention.
Users can also update their User information in Active Directory via Self-info Update. This feature can be turned on and off. If you turn it off, it won’t be visible to the users.
Second feature that is really cool is called GINA, short for Graphical Identification and Authentication. You can deploy a small program on computers which does magic to the users who are locked out and can not log in to the computer. Once program is installed users have the ability to unlock their AD account or reset password by pressing CTRL+ALT+DEL. New option is displayed below How do I sign in to another domain – LDASS Password change. When user clicks on this option, new window is opened – you guessed it – Lepide Active directory Self Service. Users can easily unlock their account or reset their password. This is extremely useful when people return from holidays only to discover they forgot their passwords. In some cases they try to enter the wrong password several times and also lock their account.
GINA is perfect solution for such cases. You can deploy Gina via Group policy or you can install it like a regular program individually on computers.
Lepide Active Directory Self Service Review Summary
I am really impressed with Active Directory Self Service from Lepide. Before review I thought that it’s another Self Service Solution which is complicated to use, requires installation manual and is very expensive. Lepide created a product that is exactly the opposite, it’s simple to install, simple to use and has the right features to help IT reduce burden of AD Account management. End users also benefit as they don’t have to call Helpdesk to unlock their account. Price is affordable even for smaller companies. You can download fully functional trial version from Lepide Website.