Password Reset can be configured to add accounts to the following authentication providers:
- Active Directory Services (Windows)
- NT Directory Services (Windows)
- Forms Based Authentication using the following membership provider:
- SQL Server membership provider
Authentication providers not specifically listed here are not supported with Password Reset.
The Authentication Provider Administrator Account configured in the Authentication Providers settings must have the following minimum permissions to create accounts in Active Directory Services or NT Directory Services:
- The Create User Objects permission for an organizational unit or the domain is required to create accounts and set some account properties.
- The Reset Password permission on the User Object is required to set account passwords.
- The Write All Properties permission on the User Object is required to set remaining account properties.
- The Write All Properties permission on a Security Group is required to add an account to a group.
NOTE: If the Authentication Provider Administrator Account permissions are not set as described above, Password Reset users will not be able to create and configure all account properties allowed in the web part.
Sometimes we see customers attempt to enter the fully qualified domain name (FQDN) for the Domain field; this should be the NetBIOS (pre-Windows 2000) name of the domain. For example, the Domain field should be the “domain” portion of the account’s logon – “bambooadmin” should enter “bamboo” in the Domain field, not “bamboo.local”.
The SharePoint Administrator Account configured in the Authentication Providers settings is used to add users to SharePoint groups and to modify the SharePoint User Information List (Windows SharePoint Services 3.0 and SharePoint Foundation 2010 only). The SharePoint Administrator Account should be a site collection administrator.