Here are the steps
1. Manage User In Authorization Store
2. Click on a user name to display the menu
3. "Reset Password" does not appear in the menu
One of my colleagues has gone to one of your trainings and said that the "Reset Password" is supposed to show in this menu. Can you tell me how I can enable this?
The 'Reset Password' option only appears if the 'requiresQuestionAndAnswer' attribute of the <membership /> provider tag is set to 'False'. This value can be set in the web.config file of your Web Application's IIS site(s). The 'requiresQuestionAndAnswer' attribute enforces a valid question and answer during a password reset operation. Since there is no way for an administrator to know the question and answer, the 'Reset Password' menu item is disabled when the value is set to 'True'.
In most cases the 'requiresQuestionAndAnswer' attribute is set to 'False' in the Windows zone and set to 'True' in the FBA zone. This allows a Windows administrator to reset FBA passwords but still requires an FBA user to provide the correct question and answer during a password reset operation. If this value is set to 'False' in the FBA zone, then a user could reset the password for another account without knowing the password question and answer.
(ExCM Help : Configuring a web.config file with FBA)
(Microsoft : Membership Provider : Requires Question And Answer Attribute)
I am having issues getting this to work with my windows zone.
Started off getting an error when trying to access the "Manage Users in Authorization Store" from my windows zone (Object reference not set to an instance of an object.) I figured out that I needed to add the <membership> section to the web.config file in the windows zone. However, the AD membership provider (bane of my existence) will not support the password reset option without the password question/answer option.
Setting: enablePasswordReset="true" requiresQuestionAndAnswer="false" produces an error on page load
I can set: enablePasswordReset="false" requiresQuestionAndAnswer="false" and get the menu option to show up, but after entering the new password I get the "provider is not configured to allow password resets" (obviously).
Setting enablePasswordReset="true" requiresQuestionAndAnswer="true" hides the Password Reset option as you described.
Is there any way to work around this? I was a little surprised I had to add the reference to the AD membership provider at all since in the windows zone we are already authenticating against AD and the accounts all exist in AD.
The correct membership setting for your Default Zone (windows) is <membership... enablePasswordReset="true" requiresQuestionAndAnswer="false" .../>. If the requiresQuestionAndAnswer attribute is set to 'True' the administrator must provide the correct Q/A which he/she will most certainly not know.
Do you have friendly error messages turned off? If so, can you send the full stack trace?
(Turn off friendly error messages)
Would you also mind sending me the details of the Delegation Status page for your Default Zone?
We have the exact same issues.
The full stack trace, taken from the Windows zone, with <membership... enablePasswordReset="true" requiresQuestionAndAnswer="false" .../> is as follows:
The Active Directory membership provider does not support password reset without password question and answer. (C:\Inetpub\wwwroot\wss\VirtualDirectories\preonespace80\web.config line 170)
   at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
   at System.Web.Configuration.ProvidersHelper.InstantiateProviders(ProviderSettingsCollection configProviders, ProviderCollection providers, Type providerType)
   at System.Web.Security.Membership.Initialize()
   at System.Web.Security.Membership.get_Providers()
   at SPSolutions.SharePoint.Delegation.Membership.MembershipProviderResolver.GetMembershipProvider(SPIisSettings iisSettings)
   at SPSolutions.SharePoint.Delegation.ApplicationPages.MangUsrsInAuthStorePage.EnsureControls()
   at SPSolutions.SharePoint.Delegation.ApplicationPages.MangUsrsInAuthStorePage.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP._layouts_spsolutions_delegation_mangusrsinauthstore_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Troubleshoot issues with Windows SharePoint Services.
This is not an issue but a limitation of the ActiveDirectoryMembershipProvider. The ActiveDirectoryMembershipProvider requires the 'requiresQuestionAndAnswer' attribute to be true. When this value is true, the password reset question and answer are required to reset a user's password. Since there is no way an administrator can know this information, we disable the ExCM reset password menu option in this configuration. Other providers like the SqlMembershipProvider do not have this limitation.
Yes, unfortunately this is correct.
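An added example, not code from this thread or from ExCM: a Python check that reads one zone's web.config and reports the enablePasswordReset / requiresQuestionAndAnswer combinations discussed above. The function names, finding codes and sample configs are constructed for illustration, and it assumes both attributes sit on the <add> entries under <membership><providers>.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (not taken from the posters' servers).
WINDOWS_ZONE_AD = """<configuration><system.web>
  <membership defaultProvider="ADProvider"><providers>
    <add name="ADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         enablePasswordReset="true" requiresQuestionAndAnswer="false" />
  </providers></membership>
</system.web></configuration>"""

FBA_ZONE_SQL = """<configuration><system.web>
  <membership defaultProvider="FbaSql"><providers>
    <add name="FbaSql" type="System.Web.Security.SqlMembershipProvider"
         enablePasswordReset="true" requiresQuestionAndAnswer="false" />
  </providers></membership>
</system.web></configuration>"""


def _flag(elem, attr):
    """Return True/False for an explicit attribute, None when it is absent."""
    value = elem.get(attr)
    return None if value is None else value.strip().lower() == "true"


def audit_membership(web_config_xml, zone):
    """Return (provider, code) findings for one zone: 'windows' or 'fba'."""
    findings = []
    root = ET.fromstring(web_config_xml)
    for membership in root.iter("membership"):
        for add in membership.iter("add"):
            name = add.get("name", "?")
            is_ad = "ActiveDirectoryMembershipProvider" in add.get("type", "")
            reset = _flag(add, "enablePasswordReset")
            qa = _flag(add, "requiresQuestionAndAnswer")
            if reset is None or qa is None:  # assumption: flag unset attributes
                findings.append((name, "IMPLICIT_DEFAULT"))
                continue
            if is_ad and reset and not qa:  # the error in the stack trace above
                findings.append((name, "AD_PROVIDER_WILL_NOT_LOAD"))
            if qa:  # administrator cannot know the Q/A, so the menu is hidden
                findings.append((name, "ADMIN_RESET_MENU_HIDDEN"))
            elif not reset:  # menu shows, reset then fails in the provider
                findings.append((name, "RESET_DISABLED_IN_PROVIDER"))
            if zone == "fba" and not qa:  # user-facing reset skips the Q/A
                findings.append((name, "FBA_RESET_WITHOUT_QA"))
    return findings
```

Run it once per zone, since the same provider settings are acceptable in the Windows zone and a finding in the FBA zone.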