Documentation for Domain Admins #20
Comments
|
From @stefaweb on February 14, 2017 8:56 Greueee, all my setup are like I've not understood how to do with the new feature? We should replace |
|
From @asuweb on February 14, 2017 9:1 Yes, so were mine! You should replace domain.tld by I use The new features of domain admins being able to manage their respective users is good, but this needs well documented and explained before it's rolled out as stable |
|
From @stefaweb on February 14, 2017 9:6 It is not final release right now. We have time to solve and find a less complex solution to go around this. |
|
From @stefaweb on February 16, 2017 10:10 Back on this.
If the mailbox domain-admin@domain.tld doesn't exist, how works the "password reset" feature for domain admin? |
|
From @asuweb on February 16, 2017 10:39
It doesn't, as I took the decision not to allow domain admins to reset their password using the reset feature for security. Password resets for domain admins can be enabled easily enough though - in which case you would need to use an active mailbox. By "active" mailbox, why I actually meant was not one which is actually used to receive regular mail. For example, admin@domain may be a bad choice, as it's possible admin@ is in use actively by the admin department for example. |
From @asuweb on February 14, 2017 8:53
The new domain administration features where domain admins can add users needs documenting prior to release.
It introduces a security issue when existing domain admins are in the format
domain.tld. They can then see other domain admins user details, and can change other domain admins passwords. This is due to the change in methodology with the introduction of the new features.The new features are very welcome, but it does alter the way some people might assign accounts and needs to be understood before upgrading.
Copied from original issue: mailwatch/MailWatch#525
The text was updated successfully, but these errors were encountered: