This website uses cookies to ensure you get the best experience on our website. Learn more
Search for custom AD attributes from the helpdesk
From Specops Password Reset (SPR) 6.4 and onwards, there will be a new registry setting that will allow you to specify the AD attribute to search from the helpdesk.
If the registry setting is not set, the default will be Ambiguous Name Resolution (ANR), a consolidation of some common attributes on the user object. Previous version of SPR searched for “sAMAccountName”, “givenName”, “sn” and “cn”. The difference now is that we will now also search “displayName” by default.
For more details about ANR, click here!
The new setting in the registry is a multi-string value called “CustomAttributesToSearch” under “HKEY_LOCAL_MACHINE\SOFTWARE\Specopssoft\Specops Password Reset\Server”.
The behavior for SPR 6.3 and older would have values configured in the following way:
To use ANR and a custom attribute, you will need both “anr” and “description” in the value data.
Note: You need to have both “anr” and “description”. If only “description” is used, it would replace the default value ANR.
This feature could be useful for some of our customers. For example, a helpdesk user in a school may want to list all students in a class. If they, for instance, have the student’s class stored in ‘description’ it would be possible to search for all students in class 7C by typing the AD attribute ‘7c’ in the helpdesk search.
(Last updated on October 8, 2024)
Related Articles
-
Specops Authentication enrollment data in Active Directory
The Specops Authentication cloud platform is unique in that user data is stored in the customer’s on-prem Active Directory database. Usernames, passwords, and enrollment data/proofs for the various Identity Services provided by Specops Authentication are stored in the customer’s Active Directory database. When a user enrolls in Specops Authentication (uReset, Key Recovery, etc.), enrollment data/proofs…
Read More -
Stale user accounts report in Active Directory
Stale (inactive) user accounts in Active Directory can provide attackers (and former employees) with an easy path into a corporate network. Even if the stale user account is not a privileged account, it can be used for privilege escalation attacks, such as Kerberoasting. Organizations must introduce the proper technical processes and department communication to remediate…
Read More -
Sync passwords between Active Directory domains
There are many reasons why you might want to sync a password between two Active Directory (AD) domains. We commonly see requests from customers who are looking at migrating their users from one domain to another. This could be for many reasons including acquisition/divesting, domain upgrades, or even syncing to another AD domain that hosts…
Read More