To facilitate password changes for your Active Directory accounts, HCC provides the ADPasswordManager Plus server. Once a user has enrolled on this server, they may easily change their password, even if the password has been forgotten. Also locked accounts can be unlocked and each user can edit some of the user information stored with their account in Active Directory. To insure changes are made by you, you will need to authenticate to the service using Duo.
To login to the server visit https://password.hccanet.org. Note: you must enter https:// before the address. Once at the site you will see three options, each selectable by clicking. First in the sign in area. Below that is “Forgot your password?” and “Account locked down?” These last two will be covered later in this article.
To login, enter your domain username and your password, then click “Login”. You do not need to enter the domain or your full User Principal Name.
If you’ve entered the correct information, you will be shown the Duo Security Multi-Factor Authentication enrollment screen. Click “Start Setup” to begin.
Verify that “Mobile phone” is selected and then click “Continue”.
Enter your mobile phone number and then tick the box to verify you entered it properly. Next click “Continue”.
Click “Text Me” and the system will send your mobile phone a message with a six-digit code. Enter the code in the blank and click “Verify”. Next, click “Continue”.
On this screen you can click the drop-down and choose your default authentication method. I’ve chosen the “Automatically send this device a Duo Push”. This means any time I authenticate to this server, a push will automatically happen without being forced to make a choice.
Once you’ve made your choice, click “Save” and then click “Continue to Login”.
If Duo is synchronized with our Active Directory, you should see the screen below. Just click “Click here” to continue with your enrollment.
If you see a warning similar to the one below, you will need to contact IT. The most likely error you would see might indicate you are not authorized or allowed to use this application. This can occur if you are a new user and attempting your enrollment before the Duo administration system has synchronized with our Active Directory
If you have previously enrolled your account and mobile device the Duo Multi-Factor Authentication system you will skip directly to the typical authentication prompt. When you’ve approved the push, you will continue with the setup.
To complete your enrollment in the password server, click “Click here”.
Next, you will select three security questions from list and provide answers to each. You may never need to use these but you should try to pick questions and answers that cannot be easily retrieved from social media with which you may engage. Obviously, you will want to remember your answers. Click “Next” to continue.
If all your entries are satisfactory, you’ll see the green shaded successfully enrolled message as below.
If the purpose of your visit to the server is to change your password, once you’ve completed your enrollment you can click the “Change Password” tab at the top of the window. You will need to provide your current password and your new password. The complexity requirements are listed below. In the example provided, I’ve entered a new password of only 9 characters and clicked the blue “Change Password” button.
Since my new password did not meet the required length of 10 characters, an error message was generated. You will see something similar if you fail to meet any of the complexity requirements. To try again, click the “Close” button.
In this example, I’ve entered 10 characters, as required. This time when I clicked the blue “Change Password” button I received a notice that the password change was successful.
After the successful change of passwords you can click “Close”. If you wish, you can click the “Profile” tab at the top of your screen. This will allow you to see the information that is pulled from Active Directory to the password server. If you see any problem, you can click the “Edit” button. Note that your mobile phone number is a required field.
Once you’ve made the appropriate changes to your info, scroll to the bottom of the screen and click the “Update” button.
At any time and from any screen you can log out of the password server by clicking the down arrow in the upper right hand corner of the screen. Click “Sign Out’ to leave the system.
Besides changing your known password, from the initial login screen you can also choose to reset a forgotten password. Click “Forgot your password?” to do this.
Before you can reset a forgotten password, you must enter your username and the “Captcha” verification information. Click “Continue’ to move to the next step.
Next, you will be required to provide the answers to your security questions you selected during enrollment. Once you’ve entered the answers and the Captcha info, clicking “Continue” will take you to the password change screens shown earlier in the article. Notice the timer in the upper right of the screen. You must provide your answers before the timer expires.
It is possible if you’ve entered the wrong password multiple times that your account might become automatically locked. This would prevent you from accessing any domain functions. With your login to the ADPasswordManagerl server, you can choose the option, “Account locked down?”
Once again you’ll need to provide your login name and the Captcha info to make the change. Once entered, click “Continue”.
To unlock your account you will need to provide answers to your security questions just as in the example above. Once you entered your info and Captcha data you will get the opportunity to unlock your account.