Skip to content

Installation and upgrade steps

Ryan Newington edited this page Mar 5, 2018 · 5 revisions

Installation

1. Download the SharePoint WSP package

Download the latest package from the releases page

2. Install the module into the SharePoint farm

Using the SharePoint Management Shell

Add-SPSolution -LiteralPath "D:\temp\assisted-password-reset.wsp"
Install-SPSolution -Identity assisted-password-reset.wsp -WebApplication "http://mimportal.my.domain" -Force -GACDeployment -FullTrustBinDeployment
Enable-SPFeature -Identity assisted-password-reset -Url "http://mimportal.my.domain/IdentityManagement"
iisreset

Using stsadm

stsadm -o addsolution -filename D:\temp\assisted-password-reset.wsp
stsadm -o deploysolution -name assisted-password-reset.wsp -url http://fim/IdentityManangement/ -immediate -allowgacdeployment
stsadm -o activatefeature -name assisted-password-reset -url http://fim/IdentityManangement/

3. Edit your user view and edit RCDCs and include the following new control

<my:Control my:Name="PasswordResetLink" my:TypeName="UocHyperLink" my:Caption="Password reset" my:Description="" my:RightsLevel="{Binding Source=rights, Path=ObjectSID}">
  <my:Properties>
     <my:Property my:Name="Text" my:Value="Perform a password reset on this user account"/>
     <my:Property my:Name="NavigateUrl" my:Value="~/_layouts/assisted-password-reset/Reset.aspx?id=%Attribute_ObjectID%"/>
  </my:Properties>
</my:Control>

4. Perform an iisreset

When visiting the User Edit/View page, you should now have a link to the password reset page.

5. Assign appropriate permissions in Active Directory

Individual operators must have password reset and unlock account rights in Active Directory for this module to work correctly. Password reset operations are sent directly to the Active Directory. MIM itself does not participate in the password reset process.

6. Assign appropriate permissions in MIM Service

The operator must be able to read the following attributes of the user they want to reset the password for

  • ObjectSID
  • AccountName
  • Domain

7. Customize the module (optional).

The Configuration file reference provides details on how you can modify settings such as the length of the generated password and the attributes that are displayed in the user interface.

8. Configure Kerberos single-sign on (optional)

If you have Kerberos correctly configured in your MIM portal environment, you can avoid the operator getting a credential prompt by configuring Kerberos delegation.

Upgrading

Using the SharePoint Management Shell

Update-SPSolution -Identity assisted-password-reset.wsp -LiteralPath "D:\temp\assisted-password-reset.wsp" -GACDeployment -FullTrustBinDeployment 
iisreset

Using stsadm

stsadm -o upgradesolution -name assisted-password-reset.wsp -filename "d:\temp\assisted-password-reset.wsp" -immediate -allowgacdeployment
You can’t perform that action at this time.