Supported Authentication Providers for Password Reset

Supported Authentication Providers for Password Reset

Password Reset can be configured to add accounts to the following authentication providers:

  • Active Directory Services (Windows)
  • NT Directory Services (Windows)
  • Forms Based Authentication using the following membership provider:
    • SQL Server membership provider

Authentication providers not specifically listed here are not supported with Password Reset.

The Authentication Provider Administrator Account configured in the Authentication Providers settings must have the following minimum permissions to create accounts in Active Directory Services or NT Directory Services:

  • The Create User Objects permission for an organizational unit or the domain is required to create accounts and set some account properties.
  • The Reset Password permission on the User Object is required to set account passwords.
  • The Write All Properties permission on the User Object is required to set remaining account properties.
  • The Write All Properties permission on a Security Group is required to add an account to a group.

NOTE: If the Authentication Provider Administrator Account permissions are not set as described above, Password Reset users will not be able to create and configure all account properties allowed in the web part.

Sometimes we see customers attempt to enter the fully qualified domain name (FQDN) for the Domain field; this should be the NetBIOS (pre-Windows 2000) name of the domain. For example, the Domain field should be the “domain” portion of the account’s logon – “bambooadmin” should enter “bamboo” in the Domain field, not “bamboo.local”.

The SharePoint Administrator Account configured in the Authentication Providers settings is used to add users to SharePoint groups and to modify the SharePoint User Information List (Windows SharePoint Services 3.0 and SharePoint Foundation 2010 only). The SharePoint Administrator Account should be a site collection administrator.

Setting up an Anonymous Access SharePoint Site

Setting up an Anonymous Access SharePoint Site

By default, anonymous access is not enabled in SharePoint 2010 nor SharePoint 2013. SharePoint administrators may want to enable anonymous users to have access to content without having to provide authentication credentials. Anonymous access is permitted or denied based on the permissions for the site. Additional configuration is needed for anonymous users to access content or web parts within a site.

For information about the SharePoint permissions given to the anonymous account, this article from Microsoft provides a good summary: Decide whether to allow access for anonymous users.

Step Action Description
1. To configure anonymous access on one particular site in a Site Collection, you first access Central Administration > Application Management > Manage web applications

CentralAdmin.jpg

Icon-Warning IMPORTANT: You must have access to the SharePoint Server and IIS Manager in order to complete this task.

2. Select the Web Application containing the site you want to configure for anonymous access. AuthProv.jpg
3. Configure the Authentication Providers; in this example, the only choice is Default. Default.jpg
4. This opens the settings to Edit Authentication, where you can check the box to Enable anonymous access for that Web App zone. Edit.jpg
5. Once this has been done, when you go back to the Web App Ribbon and select Anonymous Policy, you will be able to select the zone (or All Zones in this case, since Default was the only zone), and then choose any restrictions to anonymous access.

Policy.jpg

By default, “None – No policy” is set, so you need do nothing here since you do not want to place any restrictions on anonymous access.

Up to this point, you have preconfigured where you want to allow anonymous access to be set. But now you need to set the final settings at a Site Collection or Site level or anonymous users will not have any access.
6. Navigate to the location where you want to allow anonymous access and go to Site Actions > Site Permissions Notice now in the Ribbon, there is an option for Anonymous Access.
ConfigAccess.jpg
7. To grant anonymous access only to a sub-site in a Site Collection, then nothing should be done with Anonymous Access at the Site Collection top-level. Instead, navigate to the sub-site and from there select Site Actions > Site Permissions.

Stop.jpg

This will show that this sub-site is inheriting permissions from its parent; to allow anonymous access to this sub-site, you need to break inheritance from the parent site — click the Ribbon option Stop Inheriting Permissions.

8. The Anonymous Access button is now available on the sub-site Ribbon and when you open the option, you have some choices available. Anon.jpg
The default setting is “Nothing” but you can change it to allow anonymous access to the entire site or to Lists and Libraries only.
9. You will also note that the Anonymous Users has been added to the site permissions showing the permission level you selected.

Users.jpg

This site can now be accessed without the need to login.

See also:

SharePoint 2007:

Resetting Your Password

Resetting Your Password

Password Reset provides two types of authentication for password reset requests: email confirmation and security question & answer. Depending on how your admin has configured the web part, when you reach a page that contains Password Reset you will see one of two different views.

Should your admin configure the web part to send an email for a password reset, the web part will look like this:
Simply enter your User Name and Email address. An email will shortly arrive that includes a link.PWreset1.png Just click the hyperlink inside the email body to reset your password.
ConfirmationEmal.png
If the web part has been configured to use security questions, the questions that the admin created for validation will display within the web part.
PWreset.png If you enter the correct answers, Password Reset displays an auto-generated password using a complex password algorithm.
REset.png
If you do not see the display immediately, it could be that your web part was configured differently. Either your account will be unlocked automatically, enabled automatically or you will need to reset your password the next time you log in.
PWreset2.png
Image displays three choices an admin can make when configuring Password Reset.
If the web part is used on an anonymous access site, an additional captcha challenge will be presented.
PWresetCaptcha.jpg Just enter the text displayed in the provided text box, in addition to the other required fields, to reset your password.

If needed, an alternative text string can be displayed by simply hitting the refresh icon.

Release Notes for Password Reset

Release Notes for Password Reset

NOTE: Release Notes will open in a new browser tab

WSSv3/MOSS SharePoint 2010 SharePoint 2013 SharePoint 2016
Release Notes Release Notes Release Notes Release Notes
Microsoft ended mainstream support for SharePoint 2007 in October 2012. See Microsoft’s Lifecycle Support Policy.
At that time, Bamboo stopped enhancements to our SharePoint 2007 product line, but continues to provide support and bug fixes to customers with active support contracts until October 2017. Previously purchased licenses will continue to function after October 2017, but support for these products will end, and no additional bug fixes will be provided beyond that time. Bamboo plans to cease selling new licenses and annual support contacts for its SharePoint 2007 products in October 2016 to ensure customers will be eligible to receive support for at least one year after purchase.
Microsoft plans to end mainstream support for SharePoint 2010 in October 2015. See Microsoft’s Lifecycle Support Policy. At that time, we will stop any enhancements for our SharePoint 2010 product line but will continue to provide support and bug fixes for our SharePoint 2010 products to customers with active support contracts until October 2020. Previously purchased licenses will continue to function after October 2020, but support for these products will end, and no additional bug fixes will be provided beyond that time. Bamboo plans to cease selling new licenses and annual support contacts for its SharePoint 2010 products in October 2019 to ensure customers will be eligible to receive support for at least one year after purchase.

Visit our website where you can get the latest info about each of our products for SharePoint 2013.

A separate installation package and license key is required for SharePoint 2013 deployment. For additional details, review the following knowledge base articles:

Bamboo Solutions has also begun releasing products for SharePoint 2016. For additional details, check the product release notes in the link above, or contact us.

For details on migration, see the Knowledge Base Article “Migrate Bamboo Products from SharePoint 2013 to SharePoint 2016”

Understanding Bamboo Releases:

  • Bamboo offers Trial, Basic and Premium support.
    • Free Trial support expires after 30 days.
    • For more information about Basic and Premium support, please see the Support Plans page.
    • There may be a fee to upgrade from a major version to another.

See Also:

Password Reset Zone Configuration

Password Reset Zone Configuration

Overview of Password Reset Configuration settings
Step Action Result
1. Choose a zone, either Default, Intranet, or Internet. As pictured above, the Web Part will display the selected zone’s Authentication Mode (and, where applicable, the Membership Provider) as well as a URL example for that mode. zoneConfig.jpg
You may not have access to any other zone than the default or your environment may be set up so that you do not leverage Internet or Intranet zones. In that case, you will only see Default as the only option.
2. Select the Just show confirmation message option to display only a confirmation message when a password is reset. If this option is not active, the Web Part will show the full set of options after a password is reset.

Msg.jpg

NOTE: This option makes it easier for users to confirm that their password has been successfully reset, but makes the process of resetting several different passwords via the Web Part take longer.

3. You also need to choose the verification method for resetting user passwords.

URL.jpg
If you choose Use e-mail address:

  • Specify whether or not you are using a Local Server User Group.

    • If you are using Active Directory, do not check the Local Server User Group check box.
    • If you are using SharePoint without Active Directory and rely on the Local Server User Group, select the Local Server User Group checkbox.
  • Enter the correct Site Collection URL.

    • Enter the appropriate full URL address to the top-level site.

Password Reset Administrative Options

Password Reset Administrative Options

Overview of Password Reset Configuration settings

Enter Administrative Account that has rights to reset user password.

Step Action Result
1. Configure the Administrative Options.

04.jpgEnter the Administrator Credentials for the Administrative Account used to reset passwords. This Administrator account must have the right to Manage Site Group and Create Cross Site Group within SharePoint. By default, this account has to be in the SharePoint’s Administrator group unless the account was granted the specific right to create and manage site and cross site groups.

  • Administrator Domain Name: Enter the domain where this Administrator account resides.
  • Administrator Account Name:
  • For Active Directory Services (AD): Enter the user name for the domain administrator who has the appropriate rights for creating Active Directory users.
  • For Local Server User Group: Enter the user name for the machine administrator (i.e. member of the Administrators group on the local NT machine).
  • Administrator Password: Enter the password for the administrative account that will be used to actually create the user account in Active Directory or Local NT Server User Group.

NOTE: Passwords are generally case-sensitive.

2. Configure the User Domain parameters.

05.jpg

  • Fully Qualified Domain Name: Enter the fully qualified domain name for the subdomain to which the new accounts are added. For example: marketing.company.com, or domain.local
  • Default Logon Domain Name: Enter the domain prefix used for authenticated logons. Password Reset appends the value entered in the Default Logon Domain Name to send the request to Active Directory.
    • Example: A user enters JSmith as their user name when making a request to reset their password. The Default Logon Domain Name is qa. The reset request to AD is sent for domain user qaJsmith.
3. Configure the Password Reset preferences.

06.gif

  • Unlock Account Automatically: releases an account locked due to password policy violations (e.g. an incorrect password was entered three times) after the password is successfully reset.
  • Enable Account Automatically: reactivates an account disabled by the administrator after password is successfully reset.
  • User must change password at next logon: requires the user to change their password after a successful logon with the reset password.
4. Enter the User Name Helper Text.

07.jpg

NOTE: This is displayed as text between the User Name and E-mail fields to help the end users know the proper format to enter their user name.

5. Configure the Excluded Users or Active Directory (AD) Groups. 08.jpgEnter the user names or user groups separated by semi-colons for those users whom you do NOT want to be able to reset their passwords using this Web Part (for example, administrators, executives, or employees with access to sensitive data).
6. Specify the Password Reset method parameters.

For either method of verification, enter the E-mail Options.
EmailOptions.jpg

  • SMTP Server Name: Enter the name of your SMTP server.
  • E-mail From: (required) Enter the e-mail address to be used in the “From” field of the e-mails sent from the Password Reset Web Part (confirmation, post-reset, etc.). The e-mail address you use can be real or false; however, it needs to adhere to the e-mail configuration settings for your company.

    NOTE: if possible, use a real e-mail address as most Spam filters will block e-mails from false e-mail addresses

  • CC: (optional) Enter an e-mail address to be copied on all Password Reset generated e-mails.
7. Select Check for valid user E-mail in AD to also display the E-mail address box.

CheckValid.jpg

If selected, Password Reset compares the e-mail address entered to the e-mail address stored in AD.

8. Configure Confirmation E-mail Options for either method of verification. (This option shows below the Security Questions section.)

Confirmation.jpg

  • Subject: Enter the e-mail subject for the confirmation e-mail.
  • Message: Enter the body of the e-mail message for the confirmation e-mail. The link “Please click here to reset the password” is automatically added as the last line of the e-mail.

Password Reset Security Question

Password Reset Security Question

Overview of Password Reset Configuration settings
Step Action Result
1. Expand the Security Questions section of the web part to view the options available. At least one security question must be entered if this option is selected. SecQs.jpg
2. Security Question [#1-#3] Displays the question in the Web Part. If a Security Question is blank, the question and corresponding field are not displayed in the Web Part interface.
3. AD Custom field name for answer to Security Question [#1-#3] Enter the LDAP attribute that the user’s answer is confirmed against.

Overview of Password Reset Web Part Configuration

Overview of Password Reset Web Part Configuration

To configure Password Reset, follow the steps linked below:

Overview.jpgSelect Edit Web Part from the menu accessed at the upper right corner of the Web Part.

This menu is only accessible by users with authority to modify the page, typically those with Design permission or above.

The configuration pane for the Password Reset Web Part is displayed on the right side of the screen. Expand each Password Reset Configuration section to work through configuring each of the items as linked below.

  1. Password Reset Zone Configuration
  2. Password Reset Administrative Options
  3. Password Reset Security Question
  4. Password Reset Language Options

Overview of Password Reset Web Part

Overview of Password Reset Web Part

SharePoint administrators spend a significant amount of time handling user requests for resetting their passwords when users either forget their password and/or lock themselves out of the system. Administrators have to reset the user’s password in Active Directory or Local NT, and then contact the user with a new temporary password to enable the user to log in. While these requests don’t take up too much time individually, collectively they can be time consuming and tedious compared to the every day tasks that need to be completed to ensure your network is running efficiently.

The Password Reset Web Part allows Active Directory or Local NT SharePoint users to reset their own password from an anonymous access SharePoint WSS site. The Web Part can be run under either an “email option” or “security question option” mode. The email option mode uses e-mail based confirmation to facilitate a password change. The security question option works by prompting users to answer up to three security questions before a new password is issued.

Password Reset via E-mail Option

The Password Reset Web Part can be added to a page on an anonymous access SharePoint WSS site. When users forget their password, they can navigate to this site, enter their user name and e-mail address into the Password Reset Web Part and click Submit. An e-mail confirmation is automatically generated and sent to the user’s inbox notifying them a request has been submitted to reset their password; a hyperlink is provided to confirm the request. The user then clicks the hyperlink from the e-mail and their password is reset. Another e-mail message is sent to the user with the new temporary password. This temporary password is generated according to the password security policy set up on your network. All users must also exist in SharePoint with their e-mail address stored with their SharePoint user profile.

Password Reset via Security Questions Option

The Password Reset Web Part allows Active Directory Users to reset their password without requiring intervention of an Active Directory administrator. By adding the Web Part to a SharePoint page, the administrator can configure up to three security questions that map to existing LDAP attributes. When a user wants to reset their password, they enter their user name, password and answer each security question. If all fields are filled in correctly, their new password is displayed in the Web Part zone and the AD account option Change Password on Next Login is set.

Overview of Password Reset

Overview of Password Reset

Password Reset via E-mail Option

Password Reset can be added to a page on an anonymous access SharePoint site. When users forget their password, they can navigate to this site, enter their user name and e-mail address into the Password Reset web part and click Submit.

  • An e-mail confirmation is automatically generated and sent to the user’s inbox notifying the user that a request has been submitted to reset their password; a hyperlink is provided to confirm the request.

  • The user then clicks the hyperlink from the e-mail and their password is reset.

  • Another e-mail message is sent to the user with the new temporary password. This temporary password is generated according to the password security policy set up on your network.

  • All users must also exist in SharePoint with their e-mail address stored with their SharePoint user profile.

Password Reset via Security Questions Option

The Password Reset web part allows Active Directory Users to reset their password without requiring intervention of an Active Directory administrator. By adding the web part to a SharePoint page, the administrator can configure up to three security questions that map to existing LDAP attributes.

  • When a user wants to reset their password, they enter their user name, password and answer each security question.

  • If all fields are filled in correctly, their new password is displayed in the web part zone and the AD account option Change Password on Next Login is set.

Migrating Password Reset from SharePoint 2007 to SharePoint 2010

Migrating Password Reset from SharePoint 2007 to SharePoint 2010

Be sure you have at least the Minimum SharePoint 2007 Product Release (shown in the table below) installed before migrating. If not, upgrade your Bamboo product release before migrating. For more information, see Upgrading your Bamboo Web Part. Also, the target SharePoint 2010 farm requires at least the Minimum SharePoint 2010 product release shown.

Icon-Warning IMPORTANT: When migrating from SharePoint 2007 to SharePoint 2010, you MUST select the option to change existing SharePoint sites to use the new user experience. Your Bamboo products will not perform as expected with the old look and feel.

Minimum SharePoint 2007 Product Release 2.4.11 Minimum SharePoint 2010 Product Release 20.4.31
In-Place Upgrade
Issues Password Reset Web Part does not successfully migrate to SharePoint 2010. Users will experience two separate issues:

  1. Password Reset Web Part display fails. Instead, the Web Part shows the error:
Web Part Error: One of the properties of the Web Part has an incorrect format.
Microsoft SharePoint Foundation cannot deserialize the Web Part. Check the
format of the properties and try again.
  1. When adding the Web Part to a page in SharePoint 2010, users will see two instances of the Web Part in the Web Part gallery.
    1. The first entry in the Web Part Gallery can be added to the page without any problems.
    2. When adding the second entry to the page, the user will see the following error:
Bamboo.HelperWebParts.ResetPassword.ResetPassword class does not derive from the
Microsoft.SharePoint.WebPartPages.WebPart class and therefore cannot be imported
or used in a WebPartZone control
Resolution To resolve Case 1, delete the existing Password Reset Web Part instance and add a new instance to the page. Before resolving issue #1, you will have to resolve issue #2.

To resolve Case #:

  1. Log into the SharePoint 2010 server as a Site Collection Administrator and go to Site Actions > Site Settings.
  2. In the Site Collection Administration section, click Site Collection Features.
  3. Locate the entry Bamboo Password Reset Web Part and click Deactivate then Deactivate Feature.
  4. Return to Site Settings. In the Galleries section, click Web Part Gallery.
  5. Locate the entry Bamboo Password Reset Web Part and delete it.
  6. Return to Site Collection Administration and click Site Collection Features.
  7. Locate the entry Bamboo Password Reset Web Part and click Activate.
  8. Repeat for other Site Collections where the Password Reset is used.
Database Attach Upgrade Method
Issues The issues for this method are the same as those noted for the In-Place Upgrade method.
Resolution The resolution for this upgrade method is the same as that noted for the In-Place Upgrade method.

Migrating Password Reset from SharePoint 2010 to SharePoint 2013

Migrating Password Reset from SharePoint 2010 to SharePoint 2013

Be sure you have at least the Minimum SharePoint 2010 Product Release (shown in the table below) installed before migrating. If not, upgrade your Bamboo product release before migrating. For more information, see Upgrading your Bamboo Web Part. Also, the target SharePoint 2013 farm requires at least the Minimum SharePoint 2013 product release shown.

Icon-WarningIMPORTANT: When migrating from SharePoint 2010 to SharePoint 2013, the Database Attach Upgrade Method is the only method supported.

Minimum SharePoint 2010 Product Release 20.4.51 Minimum SharePoint 2013 Product Release 20.4.70.2013
Database Attach Upgrade Method
Issues The Password Reset migrates without any errors or additional steps required.
Resolution N/A