Jump to content

Domains and Privilege Accounts


Recommended Posts

Something I noticed this morning.  It would appear that the self service portal doesn't work with 2003 domains.  I have 2008 DC's, but a 2003 functional level.  When I attempt a password reset, it errors


An unexpected error has occurred performing a Password reset for UserID 'username'. Error = Update pwd result: UnavailableCriticalExtension for CN=User,OU=Accounts,OU=Sitename,OU=Locations,DC=europe,DC=domain,DC=net The parameter is incorrect (00000057: LdapErr: DSID-0C090B79, comment: Error processing control, data 0, v1db1) [The server does not support the control. The control is critical.]


I didn't get a warning when I added the AD domains about LDAPS.  So, is there a way to improve the validation to ensure that when checking for LDAPS, it maybe does an AD check also?


Also, why do seprate domain and privileged account configs exist for the reset portal.  Is there not a way to have it use the existing setup for passwordstate?

Link to comment
Share on other sites

Hi Matt,


We've updated our documentation for the next release to say that a 2003 functional level is not supported. We're not really sure how to test if a user has this domain configuration, apart from trying to do a reset and see if it fails or not - which is not ideal.


The reason we have separated the domains and Privileged Accounts, is because some customers want to use Passwordstate for both Privileged Account Management, and the reset portal - and they may not want certain domains or privileged accounts showing up on either screens.


Click Studios

Link to comment
Share on other sites

On 07/07/2017 at 8:52 AM, support said:

We're not really sure how to test if a user has this domain configuration

Get-ADDomain will tell you the functional level of the domain.

It would work as a solution in Matts case. Obviously it wouldn't work if the DCs are Server 2003 though.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...