This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SafeGuard Admin Console not logging in after AD password change

We are new to SafeGuard and have 4 admins with the admin console installed. When one of them changes their password based on our AD policy, the password is not updated in SafeGuard admin console. It only accepts that last password. How can we update this to always use AD?



This thread was automatically locked due to age.
Parents
  • Hi Josh,

    in case that you use Active Directory promoted Security Officers (see Admin manual chapter 11.11 "Promoting security officers" for more details), the Security Officer password will be synchronized with the Active Directory User's password if the password is changed on a SafeGuard Client.
    If the password is not changed on a SafeGuard Client, the Security Officer's password in the SafeGuard Database cannot be updated automatically and you need to login with the "old" password.

    I would recommend that you only use Active Directory promoted Security Officers if your administrators are working on a machine with SafeGuard installed. Use SafeGuard Security Officers for administrative staff that is not working on a SafeGuard machine.

    To resolve that situation in your case, log on to the SafeGuard Enterprise Management Center with a (Master) Security Officer account, browse to the affected Security Officers Active Directory User object, select the certificates tab and delete the certificate.

    By deleting the certificate, the Security Officer account will be demoted automatically.

    You can now decide if you want to promote the Active Directory User account to a Security Officer again or create a new SafeGuard Security Officer (Management Center -> Security Officer tab -> new) with a password, that is not bound to the Active Directory password of the user.


    Best Regards,
    ChrisD
Reply
  • Hi Josh,

    in case that you use Active Directory promoted Security Officers (see Admin manual chapter 11.11 "Promoting security officers" for more details), the Security Officer password will be synchronized with the Active Directory User's password if the password is changed on a SafeGuard Client.
    If the password is not changed on a SafeGuard Client, the Security Officer's password in the SafeGuard Database cannot be updated automatically and you need to login with the "old" password.

    I would recommend that you only use Active Directory promoted Security Officers if your administrators are working on a machine with SafeGuard installed. Use SafeGuard Security Officers for administrative staff that is not working on a SafeGuard machine.

    To resolve that situation in your case, log on to the SafeGuard Enterprise Management Center with a (Master) Security Officer account, browse to the affected Security Officers Active Directory User object, select the certificates tab and delete the certificate.

    By deleting the certificate, the Security Officer account will be demoted automatically.

    You can now decide if you want to promote the Active Directory User account to a Security Officer again or create a new SafeGuard Security Officer (Management Center -> Security Officer tab -> new) with a password, that is not bound to the Active Directory password of the user.


    Best Regards,
    ChrisD
Children
No Data