ADSelfService Plus Release Notes

Release Notes for build 5306 (Oct 2015)

Enhancements

• Now you can set a limit for the number of password resets and account unlocks a user can perform in a given number of days.

Issues Fixed

• Issue in directory self-update when a custom attribute is added to the layout.
• Issue in importing CSV files by technicians who are logged in using ADSelfService Plus authentication.
• Issue which prevented users from changing their passwords using ADSelfService Plus mobile site when ‘Users must change password at next logon' option is enabled in Active Directory.
• Issue which failed to show the success message for Google Apps password reset and change passwords.
• License expiry notification sent 2 days before expiration has been removed.

Note: As Google has deprecated its clientLogin API, ADSelfService Plus will not be able to support manual linking of Google Apps and Active Directory accounts. However, we are working to bring back the manual linking option and it will be available soon. Until then, we have enabled automatic linking of accounts using the sAMAccountName@GoogleDomainName.com format by default.

Release Notes for build 5305 (Aug 2015)

Enhancements

• Business Logic for Self-Update: You can now configure your organization’s business logic for self-update to auto-populate attribute values based on user input.
• ​Option to overwrite enrollment data while automatically fetching data from external data sources.
• Password Sync Agent can now invoke a post action custom script.

Issues Fixed

• Slowness issue in password reset, account unlock and change password when password sync for Google Apps.
• Issue in automatically linking AD and Salesforce accounts for password sync.
• Issue in "Access admin login from" when DNS name of the server is not resolved.
• Issue which appeared when custom script contains special characters.

Release Notes for build 5304 (Aug 2015)

Issues Fixed

• Issue in accessing the self service portal through GINA due to a script error.
• XSS vulnerabilities have been fixed for improved security.
• Issue in enrolling users from external database when the total number of users exceed a certain limit.
• Issue in license management while accessing unowned licenses.
• SSO issue which prevented Mac users from accessing the self service portal.
• Issue in editing the self update layout through Internet Explorer.
• Issue which prevented technician users from viewing the self service policies associated with password sync.

Release Notes for build 5303 (Jul 2015)

Feature

• Now update local cached password when remote users reset their passwords in Active Directory through the GINA/CP client.

Release Notes for build 5302 (Jun 2015)

Enhancements

• Mobile Push Notification support for enrollment and password expiry notifications.
• ​Now automatically enroll users by creating a scheduler for importing enrollment data from a CSV file from any shared location.
• Added an option to choose the security settings (none, SSL, TLS) during custom SMS provider configuration.
• ​Admins can now enable forced enrollment for specific users by manually configuring the built-in logon script file.

Issues Fixed

• Issue in self-updating mobile number using Internet Explorer.
• Issue which allowed users to edit the read-only fields during self-update.
• Issue which prevented users from updating the country field during self-update.
• Issue in updating the product when another process running on a virtual IP is using the same port number.
• Issue which consumed 100% CPU when account expiry scheduler with “on specific days” is enabled.
• Issue in enrolling with Google Authenticator when ENTER key is pressed.
• Issue which failed to display the logo in mobile apps.

Release Notes for build 5301 (May 2015)

Enhancement

• Option to set the keystore password, which will be encrypted for heightened security, directly using the product UI.

Issues Fixed

• Issue in automatically enrolling users using external data source when ‘Overwrite enrollment data’ option is enabled.
• Issue in syncing Oracle Database and Office 365 passwords when the password contains special characters.
• Issue which caused the loss of enrollment data while editing security questions.
• Issue which launched the Choose Manager pop-up in a new tab.
• Issue in external data source fetcher when the query contains XSS character.
• Issue in sending SMS when the message contains blank space.
• Issue in navigating through the OUs in tree view under the Reports tab when the OU name contains special characters.
• Issue which failed to save OUs with special characters while configuring password expiry notification schedulers.
• Issue which failed to load the custom logo in mobile app.
• Issue in saving advanced policy configuration when the username macro is used in the automation tab.
• Organization Chart issue which showed extra columns in the result.
• Script error in GINA login page when login option is enabled.
• Issue which failed to accept the keystore password while importing SSL certificates.

Release Notes for builds 5207 to 5300 (Apr 2015)

Features

• Help desk assisted self-password reset and account unlock using Active Directory attributes as security questions to verify user identity.

Enhancements

• Updates Java Runtime Environment package to version 7.
• Supports TLS 1.2 for heightened security.
• Admins can now receive real-time notifications as and when end-users perform reset password/account unlock.
• Ability to copy an existing self-update layout and create a new one from it.
• Supports multiple mobile number formats; you can also force users to comply with the specified formats during self-update.
• Supports cross-database migration; easily migrate all the product data from your existing database to another (except to MySQL).

Issues Fixed

• Fixed an issue caused by the deprecation of Google Apps provisioning API. We have now migrated to the Google's new Directory API.
• Issue which prevented users assigned as ‘technicians’ from changing their passwords.
• Issue which prevented users from selecting recipient mobile number to receive verification codes.
• Issue in generating reports after restoring the database from a backup.
• Issue in Notification Delivery Report which displayed duplicate user records.
• Issue which sent multiple license expiry notification emails.
• Issue which failed to update the Dashboard when a user is logged in as a technician.
• Issue which showed the ‘My Info’ tab instead of the default tab after uploading photo.
• Issue which prevented default admin from viewing the enrollment notification schedulers created by technicians.
• Fixed an issue which caused users assigned as ‘technicians’ to be logged in as domain users.
• Issue which failed to apply the force enrollment script to users who are newly added to a group with self-service policy applied to it.
• Issue in self-update which allowed end-users to edit the ‘read-only’ fields.
• Issue in self-update which displayed an empty page when users edit the sAMAccountName field.
• Issue in embedding cross domain employee search in Internet Explorer.
• Issue in integrating other ManageEngine products in ADSelfService Plus (applies to customers who have updated their old builds using service pack).
• Issue in changing the mobile browser title.
• Issue which prevented the ACCESS URL from being used during GINA installation and customization.
• Proxy settings is now enabled for HTTPS connections too.
• The following security issue have been fixed: CSRF, Cross Frame Scripting (XSF)/Click Jacking, Weak Cache Policy/Server Cache Policy, MIME-SNIFFING, Cross Origin Resource Sharing (CORS), Browser Autocomplete Issue  HttpOnly and Secure Flag, Directory Listing, SHA1WithRSA for CSR creation, jQuery migrated to new version to avoid Vulnerability, Session Fixation, HTTP Methods Blocking.

Release Notes for build 5206 (Feb 2015)

Issues Fixed

• Issue which prevented migration from 5203 to 5204/5205 build when MS SQL database is in use.
• Issue which displayed sAMAccountName instead of displayName while choosing the Manager in self-update.

Release Notes for build 5205 (Feb 2015)

Enhancements

• Now easily integrate custom SMS gateway providers using the product GUI.
• Notification emails to alert you when licensed user count reaches its maximum limit.
• Notification emails to alert you about license and AMS expiry.

Issues Fixed

• Issue in change password when it is done by a service account user with only change password permission.
• Reset Password issue which displays the error ‘Problem in Change Password’ when enforce password history settings is enabled.
• Issue in accessing password reset wizard from the login screen when multibyte characters are used in the GINA/CP button.
• Issue in AD LDS and OpenLDAP configurations for customers migrating from old builds.
• Password Sync Agent installation issue in non-English OS has been fixed.
• Password Sync Agent issue which failed to sync passwords of users whose username contains more than 16 characters.
• Issue in password sync agent audit log which stored the application IP address instead of the domain controller IP address has been fixed.
• Issue which doesn’t prompt users to enter their alternate email address for receiving verification code.
• Issue in configuring ‘Connection Security (SSL/TLS)’ under Mail Settings
• Issue in saving mail server settings when the from address or admin mail address contains a top level domain name with more than 4 characters.
• Issue in taking manual backup using backupdb.bat.
• Issue which prevented any of the multi-factor authentication option from being set as mandatory.
• Issue in setting a default tab under ‘Tab Customization’.
• Issue in accessing cross domain organization charts when logged in as a domain user.
• Disabled the "Interactive Services Detection" message pop-up which appears when ADSelfService Plus is configured to run as a service.
• http://server:port/showLogin.cc?domainName=%domainName% - Now you can use Domain Flat Name or Domain DNS Name for the %domainName% macro.
• Fixed slowness issues in product and report generation.

Release Notes for build 5204 (Jan 2015)

Feature

• Send real-time Email and/or SMS notifications to end-users as and when their Active Directory passwords are changed or reset natively in Windows.

Enhancement

• Reset Password and Change Password audit reports have been enhanced to include native password changes (Ctrl+Alt+Del screen) and password resets (ADUC console)

Release Notes for build 5203 (Jan 2015)

Feature

• OpenLDAP and AD LDS based directories are now supported for self-service password management and password synchronization.

Issues fixed

• Issue in employee search which fails to show the result when search filters are used.
• Issue which failed to display enrollment prompt to dis-enrolled users when they log in to the self-service portal
• Issue in password reset which showed 'specified network password is incorrect' even after successful reset when password history settings is enforced

Release Notes for build 5202 (Dec 2014)

Features & Enhancement

• Now you have the option to enable CAPTCHA on the login page after a certain number of failed login attempts.

Issues fixed

• Issue which prevented service account users from self-updating attributes even when they have sufficient rights.
• Issue which added new users to the restricted users list because of no last logon time.
• Issue which affected the dashboard UI when AD blocker is enabled on the browser.
• Fixed an issue in password sync agent by excluding password capture from a new computer joined to the domain.
• Issue which prevented the addition of Technician operation role when there is a large number of restricted users.
• Fixed a bug that showed incorrect error message to users, whose accounts are locked out, when they try to log in to ADSelfService Plus

Release Notes for build 5201 (Dec 2014)

Feature

• Introducing Password Sync Agent: Now synchronize native password changes (password change through Ctrl+Alt+Del screen and password reset through ADUC) in Windows Active Directory with the users’ associated IT systems and applications in real-time.

Release Notes for build 5200 (Nov 2014)

Features

• Multiple Login Options: Users can log in to the self-service portal with any AD attribute with unique value such as mail and telephoneNumber.
• Now verify users’ identity by sending them an email containing a secure password reset/account unlock link.
• Ability to restrict service accounts using license management to free up license count.

Issues fixed

• Issue in self-update which displays incorrect value in the manager field.
• Issue in automated password reset.

Release Notes for build 5116 (Nov 2014)

Issues fixed

• Issue which disrupts GINA UI when caps lock is pressed while entering the password.
• SSO issue in Chrome browser.
• Issue in password expiry notification when it is configured for a group with a large distinguishedName.
• Issue in password expiry notification delivery report which failed to show the delivery status properly.
• Issue which ignores the default system language and displays the product only in English.
• Issue in reports when they are generated for OUs containing special characters.
• Issue in showing the status message during unlock account process when retry option is enabled.
• Issue in linking accounts for password synchronization.
• Issue in synchronizing passwords when force synchronization is enabled.

Release Notes for build 5115 (Oct 2014)

Issues fixed

• Issue in sending password expiry notifications on specific days.
• Issue in sending password expiry notification to unlimited users in Free Edition.
• Issue in syncing Office 365 passwords when you are using an older version of Microsoft online services module.
• Issue which syncs password with Active Directory even though the user's AD account is not selected during password reset or change.
• Issue which displays incorrect user count in the security questions and answers report.
• Issue which shows incorrect count in user reports under Dashboard.
• Issue in notification delivery report where incorrect status is shown for enrollment notifications sent to users.
• Issue which shows incorrect status message during self-unlock account if a domain is configured using insufficient permissions.

Known Issues

These issues will be fixed in our upcoming release.

• GINA issue: In Windows Server 2003 and XP machines the GINA icon and its frame text will disappear when Caps Lock is pressed while entering passwords.
• Translation issue: Some of the new features will have texts only in English.

Release Notes for build 5114 (Sep 2014)

Enhancements

• Option for users to choose the language of their choice from the log in page itself.
• OUs selected during report generation will now be preserved and reused for reports displayed on the dashboard.

Issues fixed

• Issue in GINA/Credential Provider which failed to start the password reset/unlock account wizard from the logon screen.
• Issue which prevented product administrators from editing Domain settings and generating Enrolled users report.

Release Notes for build 5113 (Aug 2014)

Enhancements

• Crop Photo option – Users now have the ability to crop their photos before self-updating them in Active Directory.
• New macros added – dateTime and reportName; can be used in the subject of notification emails.

Issues fixed

• Issue that displayed incorrect password policy message when maximum password age is set to never expire has been fixed.

Release Notes for build 5112 (Aug 2014)

Issues fixed

• Issue that causes pages to be displayed incorrectly when the browser's default language is not supported by the product.
• Issue that requires the users enrolled with mandatory questions to enroll again.

Release Notes for build 5111 (Aug 2014)

Issues fixed

• Some issues that appeared when Japanese is selected as the default language. The issues that have been fixed are:
  • Issue that displays a blank pop up window when the “Automatic Reset and Unlock” feature is accessed from the dashboard.
  • Issue in deleting licensed users.
  • Issue in displaying the force enrollment message.

Release Notes for build 5110 (Aug 2014)

Enhancements

• Google Authenticator is now supported by the Android and iPhone apps as one of the multi-factor authentication options.

Issues fixed

• Issue in self password reset when the user name contains apostrophe.
• Issue which prevents users from logging in to ADSelfService Plus when they have comma in their distinguished name and have the "change password at next logon" flag set.
• Issue that displayed the system error message to end-users during change password.

Release Notes for build 5109 (July 2014)

Issues fixed

• Issue in customizing the logon page.
• Issue in Self Directory Update that forced users to fill non-mandatory, but number-only fields.
• Issue in sending test emails when SMTP authentication is used.
• Issue that forced users to enroll for verification code when mobile number format setting is enabled.
• Issue that refreshed the CAPTCHA code whenever the ENTER key is pressed during reset password/unlock account operations.
• Issue that runs GINA/Mac Customization Scheduler repeatedly ever after successful customization.
• Issue in displaying email/mobile number fields during reset password/unlock account when the respective data have been deleted in Active Directory.
• Login page issue for users who have "user must change password at next logon" setting enabled for them.

Release Notes for build 5108 (July 2014)

Feature

• ADSelfService Plus integration with ADManager Plus now enables you to take control of users’ self-service actions with the new Self-Service Approval Workflow feature.

Enhancements

• Password Expired users can now change their passwords when they log in to ADSelfService Plus.
• Mobile App now has a 'Desktop Site' option; allows users to switch to the desktop version of ADSelfService Plus.

Issues fixed

• Issue in customizing the logon page.

Release Notes for build 5107 (June 2014)

Enhancements

• Zendesk and Microsoft Dynamics CRM are now supported for self-service password management and synchronization.
• ServiceDesk Plus is now integrated with ADSelfService Plus; allows admins and end-users to quickly access the help desk software.
• I18n support for mobile apps; all the 17 languages supported by the web console are now supported by the mobile apps.
• Now easily deploy the Mac login agents from the web console itself.

Issues fixed

• Issue in linking Office 365 sub domain accounts by end-users for password sync
• Issue in closing the ‘Edit Questions’ dialog box

Release Notes for build 5106 (June 2014)

Enhancements

• Default admins can now view report schedulers and all its information created by users associated with the ‘Technician’ role.
• OUs selected during report generation will now be preserved and re-used while generating reports in the future.

Fixed

• Issue with force enrollment.
• Issue that displayed the list of restricted users from default domain to all the technicians regardless of the domain they belong to.
• Blank screen issue when unlock account page is refreshed.
• Issue that throws a ‘page not found’ error when username exceeds 100 characters during reset password/unlock account process.

Release Notes for build 5105 (May 2014)

Enhancements

• Google Authenticator is now supported as part of our multi-factor authentication set up to further secure reset password/unlock account process.
• Facility to make any or all of the multi-factor authenticator techniques mandatory.
• Option that allows admins to rearrange the order of identity verification steps during reset password/unlock account process.

Fixed

• An issue that displays force enrollment notification to non-policy users when a custom logon script is used.
• Issue in selecting security questions during enrollment when users change their choice of questions.

Release Notes for build 5104 (Apr 2014)

Fixed

• Issue in adding domains to the product when their names start with numeric value.
• Issue with ADSelfService Plus Credential Provider when accessed from the UAC prompt.
• Issue that allowed users to log in using invalid passwords if guest login is enabled on the machine running ADSelfService Plus.
• Issue in enrolling with security answers through Android app.
• Issue in applying the default admin time zone settings to technicians.
• Issue in enrolling with security answers that are longer than 100 characters.
• Issue in reports page and in accessing help from the end-users portal when context path is set.

Release Notes for build 5103 (Apr 2014)

Enhancements

• You can now export the restricted users list in a desired file format
• Now completely exclude restricted users from showing up anywhere in the product

Fixed

• Issue in automatic password reset
• Issue in accessing native mobile apps and mobile webapp
• Issue in displaying verification code enrollment information when email option alone is enabled
• Issue with displaying header logo in scheduled reports when HTML is selected as the storage format

Release Notes for build 5102 (Mar 2014)

Enhancements

• Alternate Email IDs and Mobile numbers of users stored in any AD attribute can now be used for sending verification codes.
• Admins can auto-enroll users by importing their Email IDs and/or Mobile Numbers from a CSV file or external database.

Release Notes for build 5101 (Mar 2014)

Enhancement

• Now you can select the protocol (HTTP/HTTPS) to be used for Mac login agent during installation itself

Fixed

• Issue in generating user reports when the database (PostgreSQL) server is installed in another machine
• Issue that force users to go back or sign out when they login using Single Sign-On
• Issue in saving ‘Automatic Reset Password’ settings
• Issue in accessing the help guide when context path is added
• Issue in translating the label ‘Description’ when reports are exported

Release Notes for build 5100 (Feb 2014)

Features

• Login Agent for Mac OS X to allow AD domain users to reset passwords and unlock accounts right from the OS X login screen itself.
• Group-based configuration of self-service policies, enrollment settings and password synchronizer for fine-grained management.
• Now self-service policies will take effect based on their priorities as set by the admin.

Fixed

• Issue in saving report schedulers.
• Issue in performing quick search in reports.
• Issue in showing the status of change password actions when enrollment is disabled.

Release Notes for build 5041 (Jan 2014)

Enhancements

• Added an option to email generated reports

Fixed

• Issue with updating profile details when the update button is clicked more than once
• Issue with updating the Advanced Policy Configuration settings from Security Center

Release Notes for build 5040 (Jan 2014)

Enhancements

• Password Expiry Notifier is now part of our FREE Edition; allows you to notify UNLIMITED users. Also, gains a slew of enhancements including:
  • SMS notifications to alert users of their impending password expiry
  • Option to select users based on groups for sending password expiry notifications
  • Ability to schedule and send reports of users’ password/account expiry to their managers
  • Send password expiry notifications immediately with the ‘Run Now’ option
  • You can now notify password expired users too
• Enabling SSO now requires you to configure NTLMv2, which has been added to enhance security
• Option to hide ‘Click here to troubleshoot’ link in Reset Password / Unlock Account failure page

Fixed

• Issue in removing added OUs while configuring GINA/CP scheduler
• Issue in enabling the ‘Force User to prove their identity via both verification methods’ option

How to Upgrade?

• Download Service Pack (for existing customers)
• Download latest build (for new customers)

Highlights of Previous Releases (build 4500 to 5032)

• Unified Self-Service Password Management -Synchronize Windows Active Directory Password/Account changes made using ADSelfService Plus with range of cloud-based and on-premise apps. The following apps are supported:
  • Google Apps
  • Office 365
  • Salesforce
  • Zoho
  • IBM AS400 / iSeries
  • HP UX systems
  • Oracle Database
  • Oracle E-business Suite
• Free iPhone & Android App for self-service password management: ADSelfService Plus native apps for iPhone and Android allows end-users to reset their lost passwords, unlock their locked-out accounts, change their expiring passwords and synchronize password changes with a variety of non-Windows systems and cloud-based applications remotely from their iOS and Android devices. Get the free app from Get the Apps.
• Mobile Web App: Mobile browser support for devices running on any platform including Android, iOS and Windows Mobile
• Mobile App Rebranding: Ability to customize mobile app with your own company logo
• Mail Group Subscription: Self-Service Mail Group Subscription to allow users to subscribe to or unsubscribe from mail groups of their choice
• SMS/E-Mail Verification Codes to provide additional security when End-Users Reset Password / Unlock Accounts
• Enforce Stronger Passwords with "Password Strength Analyzer"
• Instant DC Updater: The actions by a user (password reset or account unlock), can be instantly updated between sites and across all or specified domain controllers
• Enrollment Notification: Scheduler to invite the 'non-enrolled & new domain' users to enroll with ADSelfService Plus as well as delivery reports for the notifications.
• Force Users to Enroll - Now force users to enroll with ADSelfService Plus as soon as they log in to their machines.
• Extract Audit Reports specific to a domain with the help of built-in filters.
• Heightened security against 'Cross-site scripting', 'CSRF issue', and 'Denial of Service attack'.
• SSL Certification Tool: Helps you to generate CSR and offers guidelines to install SSL certificate
• Report Scheduler: Scheduler for mailing admin the detailed reports of ADSelfService Plus (User, Audit & Enrollment Reports)
• Restrict User Scheduler: Scheduler for restricting the inactive users of a domain from accessing the application
• Support for Windows 8 and Windows Server 2012 operating systems
• Support for Postgres Database server (as product database) in addition to already supported MySQL and MS SQL databases.
• Support for 17 languages including Dutch, Swedish, Chinese, Spanish, Russian, and Arabic.
• Support for 3rd party GINA/CP agents:ADSelfService Plus is now compatible with the following 3rd party GINA/CP agents:
  • Zenworks Endpoint Security agent
  • 2X agent
  • Toshiba Logon Provider
  • Cisco NAC agent
  • OneX Credential Provider
  • Sophos Safeguard Disk Encryption
  • Cisoc VPN client
  • Checkpoint Full Disk Encryption (pre-boot authentication not supported)

Click here for the complete list of Features, Fixes and Enhancements from previous releases.

Some other benefits of ADSelfService Plus - Self Service Reset Password Management