alanchan1984 Absent Member.
Absent Member.
1697 views

SSPR Assign user rights for AD

Hi,

I've tried to follow the documentation, the documentation said using a tool to extend the schema and the user rights for the Active Directory, however I found that the supplemental folder doesn't have the ssprADSchema.exe.

And i've tried to extend the schema by using the AD-Schema.ldif file, and manual delegate the user rights on SELF read write to all the pwm* schemas, but i still get the error insufficient rights.

Please advise.

Thanks.
0 Likes
3 Replies
mroyall Absent Member.
Absent Member.

Re: SSPR Assign user rights for AD

The following worked for me.

-------
Open Active Directory Users and Computers… Select the Container where you want to delegate Rights for SSPR
Click Next >
Click on Add..
Type in the Container name where you would like to give rights for SSPR users. This should be done for All OU’s where SSPR Users will be found.
Select “Create a custom task to delegate” Click Next >
Select “Only the following objects in the folder” And scroll down and check "User Objects" Click Next >
Unselect the “General” permissions and Select “Property-specific”
Scroll down and find the pwm attributes and select them. Click Next >
That should allow any users in the ‘Users” OU to store there security questions answers on their user object in AD.
-------
If the pwm attributes don't show up that might mean the schema wasn't extended properly

Mark
0 Likes
alanchan1984 Absent Member.
Absent Member.

Re: SSPR Assign user rights for AD

mroyall;2438577 wrote:
The following worked for me.

-------
Open Active Directory Users and Computers… Select the Container where you want to delegate Rights for SSPR
Click Next >
Click on Add..
Type in the Container name where you would like to give rights for SSPR users. This should be done for All OU’s where SSPR Users will be found.
Select “Create a custom task to delegate” Click Next >
Select “Only the following objects in the folder” And scroll down and check "User Objects" Click Next >
Unselect the “General” permissions and Select “Property-specific”
Scroll down and find the pwm attributes and select them. Click Next >
That should allow any users in the ‘Users” OU to store there security questions answers on their user object in AD.
-------
If the pwm attributes don't show up that might mean the schema wasn't extended properly

Mark


I found that the user didn't assigned appropriate rights for the LDAP Proxy User, didn't have rights to change users' password.

Thanks for helping..
0 Likes
AutomaticReply Absent Member.
Absent Member.

Re: SSPR Assign user rights for AD

alanchan1984,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.