Changing a user’s password in Password Manager is a two-step process:
1 - Password Reset (Randomization)
- When a user requests a password reset, Password Manager first generates a temporary random password that includes a mix of:
  - Uppercase letters (A–Z)
  - Lowercase letters (a–z)
  - Numbers (0–9)
  - Symbols (e.g., !, @, #, $)
- This reset bypasses the Active Directory password history check.
- However, the random password is immediately added to the user’s history list as a “used” password.
2 - Password Change (User-defined password)
- Once Password Manager knows the temporary password it has just set, it performs a standard “Change Password” operation on behalf of the user.
- The change is verified against Active Directory's password history policy.
- If the requested password has been used before, AD rejects the change and Password Manager displays an error.
- If the password is valid, Active Directory accepts it, and the user’s password is updated.
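The same two operations can be reproduced with the ActiveDirectory PowerShell module to see where the history check applies. This is an added illustration, not Password Manager's own code; the account name `jdoe`, the 24-character length and the helper names `Get-RandomIndex` and `New-TemporaryPassword` are assumptions.

```powershell
# Added illustration, not Password Manager's own code.
# Assumes the RSAT ActiveDirectory module and rights to reset the account.
Import-Module ActiveDirectory

function Get-RandomIndex {           # hypothetical helper: CSPRNG index in [0, Max)
    param([int]$Max)
    $buf = New-Object byte[] 4
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    [int]([BitConverter]::ToUInt32($buf, 0) % [uint32]$Max)
}

function New-TemporaryPassword {     # hypothetical helper
    param([int]$Length = 24)         # length is an assumption
    $classes = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz',
               '0123456789', '!@#$'
    # Take one character from each class so all four are always present.
    $chars = @(foreach ($c in $classes) { $c[(Get-RandomIndex $c.Length)] })
    $all = -join $classes
    while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $all.Length)] }
    # Fisher-Yates shuffle so the guaranteed characters are not always in front.
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-RandomIndex ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

$user        = 'jdoe'                # constructed sample account name
$newPassword = Read-Host -AsSecureString "New password for $user"
$temp        = ConvertTo-SecureString (New-TemporaryPassword) -AsPlainText -Force

# Step 1: administrative reset. Password history is not checked here.
Set-ADAccountPassword -Identity $user -Reset -NewPassword $temp

# Step 2: ordinary change, using the temporary password as the old password.
# This is the call that the password history policy is applied to.
try {
    Set-ADAccountPassword -Identity $user -OldPassword $temp `
        -NewPassword $newPassword -ErrorAction Stop
    Write-Output "Password changed for $user."
} catch {
    # The account still holds the temporary password at this point.
    Write-Warning "Change rejected by AD: $($_.Exception.Message)"
}
```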
This design ensures that: