Chat now with support
Chat with Support

Password Manager 5.7.1 - Administrator Guide (AD LDS edition)

About Password Manager Getting Started Password Manager Architecture Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings Password Policies Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary About us

Removing Connection to AD LDS Instance

To remove a connection to AD LDS instance

  1. On the Administration site, select the Management Policy you want to configure and click the User Scope link.
  2. On the User Scope page, select the connection you want to delete and click Remove. Note, that the connection will be removed from this user scope only. If you want to permanently remove the connection, remove it everywhere where it is used, and then on the General Settings| AD LDS Instance Connections tab, click Remove under the required connection.

Adding Secret Questions

Secret questions are the main part of the Questions and Answers policy that allows authenticating users on the Self-Service site before users can perform any self-service tasks.

For more information on the Questions and Answers policy, see Configuring Questions and Answers Policy.

To create secret questions in the default language

  1. Open the Administration site by typing the Administration site URL in the address bar of your Web browser. By default, the URL is http(s)://<ComputerName>/PMAdminADLDS/.
  2. On the Administration site home page, click the Add secret questions link under the Management Policy you want to configure.
  3. On the Configure Questions and Answers Policy page, click Add questions in the default language.
  4. In the Edit Questions in the Default Language dialog box, specify mandatory, optional and helpdesk questions. To change the default language for secret questions click the Change language link.
  5. Change questions’ order by clicking the appropriate links.
  6. Click Save to save the questions and close the dialog box.

    IMPORTANT: Modifying a question list does not affect existing personal Questions or Answers profiles unless the users have to update their profiles as a result of the enforcement rules that require users to update Q&A profiles when the question list is modified. For more information on the enforcement rules, see User Enforcement Rules.

Management Policies


Checklist: Configuring Password Manager

Checklist: Configuring Password Manager

When you have installed Password Manager, follow this checklist to configure the solution to implement automated and secure password management in an AD LDS instance.

Table 5:




Prepare an access account to AD LDS instance.

Configuring Permissions for Access Account

Configure a user scope.


Configure the Questions and Answers policy: create language-specific question lists, and configure Q&A profile settings if required.

Adding Secret Questions

Configure a helpdesk scope to grant access permissions for the Helpdesk site to helpdesk operators and delegate administrative tasks.

Configuring Access to the Helpdesk Site

Configure self-service and helpdesk workflows to define what tasks will be available on the Self-Service and Helpdesk sites.

Self-Service Workflows

Helpdesk Workflows

If required, configure rules for enforcing users to register with Password Manager.

User Enforcement Rules

Configure general settings that apply to all Management Policies (such as account search options, SMTP servers, scheduled tasks, etc.)

General Settings Overview

Create password policies and configure password policy rules.

Creating a Password Policy

If you want to use Password Manager for cross-platform password synchronization, install One Identity Quick Connect Sync Engine and configure the product to integrate with Password Manager.

Reset Password in AD LDS and Connected Systems

Ensure that all Password Manager users have Java Script enabled in Microsoft Internet Explorer settings.


Ensure that the users know the Self-Service site URL and can access the site to register and perform password self-management tasks.


Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating