AnsweredAssumed Answered

Domain Account Password Management

Question asked by bashir.fazelyar on Jun 15, 2017
Latest reply on Jul 5, 2017 by bashir.fazelyar

Is it possible to configure PAM to allow CAC authenticated domain users to retrieve password of a Domain Admin account? Our Service Desk contacts the SysOps department on a daily basis to remove their CAC enforcement option in AD to allow them to logon to a new computer in order to join it to the domain. We were thinking about creating a Domain Account and allow Service Desk to login to PAM, retrieve that Domain Admin account credentials, use those credentials to join the machine to the domain and then check the password back in. We also want the password to be changed on view (CPOV).