The Change Password tool allows a Configuration Manager console user to change another user's password. Options allow you to set the new password, force the user to change the password at next logon, and/or unlock the account. This tool can be run on individual or multi-selected users, but not user groups or user collections.
This tool connects to Active Directory to run the password change and the specified options.
To change a user password:
1. In your Configuration Manager console navigation panel, click Users.
2. Right-click on a user.
3. Click Right Click Tools > Change Password.
4. Enter and confirm a new password.
5. Enable User must change password at next logon (optional). If the user's account is set up with a password that doesn't expire, you can override that setting by checking Disable Password Never Expires.
6. Enable Unlock user account if it is locked (optional).
7. Click Change Password.
Recast Permissions
| ActiveDirectory plugin | ResetPassword permission |
Microsoft Permissions
This action requires reset user password permissions on the Active Directory object. If using a service account, the service account needs the reset user password permission on the AD object.
The Email User tool looks for the primary email address associated with a user or multiple users, opens the default email application and adds the address to the 'To' field.
This tool connects to Active Directory to discover the primary email address associated with a user account and open the default email application. For best results, assign your email application of choice as the Windows default before running this tool.
NOTE: The Email User tool can be run on multi-selected users, but not user groups or user collections.
To email multiple users:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the users to email.
3. CTRL-click to select users.
4. Right-click on the selection.
5. Click Right Click Tools > Email User.
The default email application will open with the addresses of the selected users included as recipients.
Recast Permissions
| ActiveDirectory plugin | GetADUser permission |
| InstalledSoftware plugin | EmailUser permission |
Microsoft Permissions
No additional Microsoft Permissions are required for this tool.
The Enable/Disable Account tool lets an administrator view and change the current state of a user account. Use this tool to enable a disabled account or to disable an enabled account.
This tool connects to Active Directory.
NOTE: The Enable/Disable Account tool can be run on multi-selected user objects, but not user groups or user collections.
To enable/disable a user account:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the user.
3. Right-click on the user.
4. Select Right Click Tools > Enable/Disable Account.
The window that opens displays the current status of the account and asks if you want to change that status. When the tool is run on multiple accounts, you'll be asked to confirm the action for the selected users. Once confirmed, a window will open for each user.
Recast Permissions
| ActiveDirectory plugin | EnableAccount or DisableAccount permissions |
Microsoft Permissions
This action requires permissions to enable or disable the Active Directory object. If you're using a service account, the service account needs permission to enable or disable the AD object.
The Security Groups tool displays security group membership for a user account, allowing an administrator to see the Primary Group, Direct Group Membership, and Nested Group Membership. The tool also lets you add the user account to a New Direct Group and refresh membership lists.
This tool connects to Active Directory to show and/or edit Security Group membership.
NOTE: The Security Groups tool can be run on multi-selected user objects, but not user groups or user collections.
To view a user's security group membership:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the user.
3. Right-click on the user.
4. Select Right Click Tools > Security Groups.
The Security Groups window that opens displays the user's primary group, direct group and nested group memberships.
To remove a user from a security group:
1. In the Security Groups window, right-click on a security group.
2. Click Remove From Group.
To add a user to a security group:
1. In the Security Groups window, click Add New Direct Group.
2. Search for a group.
3. Click Add to Selected Security Groups.
Recast Permissions
| ActiveDirectory plugin | GetAccountGroupMembership |
| GetPrimaryGroupForAccount | |
| Add or Remove Account from Group |
Microsoft Permissions
- Requires that the user running the tool has permission to look at group memberships for the user object in Active Directory.
- Requires permission to modify the memberships of group objects in Active Directory.
- If using Recast Management Server with a service account, the same permissions are required for the service account.
The Unlock Account tool connects to Active Directory to manually unlock an enabled user account.
NOTE: The User Account tool can be run on multi-selected user objects, but not user groups or user collections.
To unlock a user account:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the user.
3. Right-click on the user.
4. Click Right Click Tools > Unlock Account.
Recast Permissions
| ActiveDirectory plugin | UnlockAccount permission |
Microsoft Permissions
This action requires the Unlock Account permissions on the Active Directory object. If using a service account, the service account needs the Unlock Account permissions on the AD object.
The User Devices tool displays devices that a user has logged into, as well as their primary device.
For a video walkthrough, see View User Devices with Right Click Tools on our YouTube channel.
To view user devices:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the user.
3. Right-click on the user.
4. Click Right Click Tools > User Devices.
The User Devices table displays:
- User Name
- Computer Name
- Primary Device (T/F)
- Date Last Used
- Number of Logins
- Total Time Logged On
TIP: Right-click on data in the User Devices table to run other Right Click Tools actions.
Recast Permissions
| ConfigMgrServer plugin | GetUserDevices permission |
Microsoft Permissions
This action requires the User Devices permissions on the Active Directory object. If using a service account, the service account needs the User Devices permissions on the AD object.
The User Status Messages tool displays any status messages that exist for a user.
For a video walkthrough, check out View User Status Messages with Right Click Tools on our YouTube channel.
For more information on status messages, see All Status Messages.
To view user status messages:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the user.
3. Right-click on the user.
4. Click Right Click Tools > User Status Messages.
5. In the Status Messages window that opens, set a viewing period by choosing a date and time or selecting a preset date and time then click OK.
The Status Message Viewer displays state messages for the selected user within the set timeframe. Details include Severity, Type, Site Code, Date/Time, System, Component, Message ID, and Description.
Recast Permissions
| InstalledSoftware plugin | StatusMessages permission |
Microsoft Permissions
This action requires read permissions on Status Messages in the Configuration Manager console.
Using the Add Users to Collection(s) tool, administrators can add existing users to an existing collection.
To add users to collections:
1. In your Configuration Manager console navigation panel, click Users.
2. Right-click on a user collection.
3. Click Right Click Tools > Add Users to Collection(s).
4. In the window that opens, add users to the User List and click Start.
The Results section will display any actions taken. The Log section will update the status.
TIP: If you are having trouble adding users to collections, you can also add them using domain\username (two slashes) or %username.
Recast Permissions
| ConfigMgrServer plugin | AddUserstoCollection permission |
Microsoft Permissions
Requires modify permission on Collection in Configuration Manager.
The Remove Users from Collection(s) tool allows administrators to remove specific users from an existing collection.
To remove users from collections:
1. In your Configuration Manager console navigation panel, click Users.
2. Right-click on a user collection.
3. Click Right Click Tools > Remove Users from Collection(s).
4. In the window that opens, add users to the User List and click Start.
The Results section will display any actions taken. The Log section will update the status.
TIP: If you are having trouble adding users to collections, you can also add them using domain\username (two slashes) or %username.
Recast Permissions
| ConfigMgrServer plugin | RemoveUsersfromCollection permission |
Microsoft Permissions
Requires modify permissions on Collection in Configuration Manager.