No announcement yet.

AD Password Reset through IVR

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Password Reset through IVR


    We are having specific requirement regarding Active Directory Authentication through IVR for eg user will dial in a number and it will prompt user to punch his Active Directory Account and for authentication his Date Of Birth. After giving necessary credentials he should be able to change his is possible???



  • #2
    Re: AD Password Reset through IVR


    I dont think so its possible in AD, you can not enforce AD to use/configure user birthday as his password. & why you want to do that

    waht if I know collegue birthday, i can logon and play with his imp data ....hehehe



    • #3
      Re: AD Password Reset through IVR

      I don't think he meant changing the password to the birthday.
      I think he meant after authenticating and entering the birthday , then he would be able to change his password.
      the birthday is another layer of protection if I understood him correctly.


      • #4
        Re: AD Password Reset through IVR


        You are right...DOB was an example i can use any other field from AD for authentication.


        • #5
          Re: AD Password Reset through IVR

          I really don't know any product which made this available, but I think that if you want to secure, you should have a look at tokens.
          Technical Consultant

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"


          • #6
            Re: AD Password Reset through IVR

            The problem will be authenticating to AD if the user doesn't have numeric only passwords.

            You then have to try many different compositions (73937325 can be sexfreak or........a crapload of other things)... so it would be incredibly slow and you'd have to have an incredibly weak account lockout policy.

            You could possibly script something out that would ask them for their birthday plus another numeric field (SSN? Watch out with that though!), and that would then login as an account operator, and reset their password. The password would then be read by text to speech..

            I'm not IVR master but checkout - I used it once and it was pretty nice, now you'd need to interface it to some SQL db that contains the info to authorize the user and then plug it into some command line commands to change the password and read it back.

            Make sure you design it and review the design with multiple people as to not make it completely insecure. And I wouldn't allow it for anyone with "high privilege".
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


            • #7
              Re: AD Password Reset through IVR

              Sounds like a job for OTP. This will eliminate the requirement for changing password and will let you authenticate using numeric-only passwords.
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"


              • #8
                Re: AD Password Reset through IVR

                Hi there,

                You can actually reset password in AD via IVR. We are in the midst of doing this for 2 of our clients, one in the oil and gas industry and the other in a financial institution.

                The oil and gas guys have an rsa token and the financial institute ...well the have numerical authentication, and rsa - a mixture of both environment.

                Hope this helps ...

                You can contact me at wsunil[at]gmail[dot]com