How to Configure Self-service Password Change for AD Users

How to Configure Self-service Password Change for AD Users Leave a comment

Gadgets

Read this information to find out how to arrange self-service password reset for Active Directory customers.

Step 0: Review Problem Background and Overview

Whenever customers want to change their Active Directory password, they name the Service Desk group. This is time-consuming and unsustainable.

So, your supervisor requested you to configure a device that permits customers to change their passwords.

I’ll stroll you thru the steps to full this process on this information.

I’m utilizing a Windows Server 2022 Standard server for my take a look at configuration. The server have to be a member of the area, and you could check in to it along with your area credentials.

Step 1: Install Remote Desktop Web Access and IIS Web Server

  1. From the Server Manager Manage menu, choose Add Roles and Features.
  1. When the Add Roles and Features wizard opens, click on Next till you get to the Server Roles web page. Then, test Remote Desktop Services and Web Server (IIS). When you test Web Server (IIS), the wizard dispays a pop-up, choose Add Features within the pop-up.
When the Add Roles and Features wizard opens, click Next until you get to the Server Roles page. Then, check Remote Desktop Services and Web Server (IIS). When you check Web Server (IIS), the wizard dispays a pop-up, select Add Features in the pop-up.
  1. Confirm that the 2 roles are checked. Then, click on Next.
Confirm that the two roles are checked. Then, click Next.
  1. Continue clicking Next till you get to Remote Desktop Services Role Services. Check Remote Desktop Web Services, then, click on the Add Features button within the pop-up.
Continue clicking Next until you get to Role Services. Check Remote Desktop Web Services, then, click the Add Features button in the pop-up.
  1. After that, click on Next a number of instances till you get to the Confirmation web page. Click Install to set up the Windows Server roles.
After that, click Next several times until you get to the Confirmation page. Click Install to install the Windows Server roles.
  1. Wait for the wizard to affirm that the roles have put in efficiently, the shut it.
Wait for the wizard to confirm that the roles have installed successfully, the close it.

Step 2: Enable the Password Reset Feature in IIS RDWeb

  1. Search for and open IIS.
Search for and open IIS.
  1. In the IIS Manager, increase the Server title, then navigate to Sites > Default Web Site > RDWeb and left-click Pages. On the small print pane, double-click Application Settings.
In the IIS Manager, expand the Server name, then navigate to Sites > Default Web Site > RDWeb and left-click Pages. On the details pane, double-click Application Settings.
  1. On the Application Settings web page, double-click PasswordChangeEnabled and alter its Value from false to true.
On the Application Setttings page, double-click PasswordChangeEnabled and change its Value from false to true.

Step 3: Configure HTTPS Binding within the Remote Desktop Web Site

By default, the Remote Desktop Web Site in IIS is configured to use HTTPS. Meanwhile, to use HTTPS, you require a certificates.

If you’re configuring self-service password reset for manufacturing use, I like to recommend buying a publicly signed certificates from a certificates authority.

Since I’m configuring mine for take a look at functions, I will probably be creating and utilizing a self-signed certificates.

Task 3.1: Create a Self-signed Certificate

Open PowerShell as an administrator and run the command under to create a self-signed certificates.

Change the Dnsname, IPMvWAC, to your server title.

New-SelfSignedCertificate -FriendlyName ad-ss-cert -DnsName IPMvWAC -KeyUsage DigitalSignature
New-SelfSignedCertificate -FriendlyName ad-ss-cert -DnsName IPMvWAC -KeyUsage DigitalSignature

Task 3.2: Configure IIS HTTPS Binding to use the Certificate

  1. Back within the IIS Manager, left-click Default Web Site, then within the Actions menu, choose Bindings.
Back in the IIS Manager, left-click Default Web Site, then in the Actions menu, select Bindings.
  1. Then, on the Site Bindings pop-up, left-click https after which Edit.
Then, on the Site Bindings pop-up, left-click https and then Edit.
  1. Finally, on the Edit Site Bindings pop-up, choose the self-signed certificates from the SSL Certificate drop-down and click on OK. If you obtain a affirmation pop-up, choose sure.
Finally, on the Edit Site Bindings pop-up, select the selft-signed certificate from the SSL Certificate drop-down and click OK.
  1. Return to the PowerShell console and run the iisreset command.

Step 4: Test the Self-service Password Change Remote Desktop Web Site

  1. From a browser on the native server the place you configured the self-service password reset, open the URL under:
https://127.0.0.1/RDWeb/Pages/en-US/password.aspx
  1. You’ll obtain a certificates warning. Click Advanced, then Continue.
You'll receive a certificate warning. Click Advanced, then
You'll receive a certificate warning. Click Advanced, then Continue.

The website shows the web page for altering an AD password.

The site displays the page for changing an AD password.
The site displays the page for changing an AD password.

If your customers obtain the error message – “Your new password does not meet the length, complexity, or history requirements of your domain. Try choosing a different new password.” – modify your area password coverage.

If the password reset doesn’t work, be certain that the Forms Authentication in Sites > Default Web Sites > RDWeb > Pages is enabled.

If the password reset does not work, ensure that the Forms Authentication in Sites > Default Web Sites > RDWeb > Pages is enabled.

Conclusion

Providing your customers with a means to reset their passwords with out contacting the Service Desk is a time saver. In this hands-on information, I’ve defined the steps to allow self-service password reset utilizing Remote Desktop Web companies.

The first step is to set up the IIS internet server and the Remote Desktop Web Access Windows Server roles. After that, configure the PasswordChangeEnabled characteristic of the RDWeb website in IIS.

Finally, configure SSL and also you’re good to go.

Leave a Reply

Amazon Disclosure
This site is a participant in the amazon services LLC associates program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com. amazon, the amazon logo, amazon supply, and the amazon supply logo are trademarks of amazon.com, inc. or its affiliates. as an amazon associate, we earn affiliate commissions from qualifying purchases.
© Copyright - All Rights Reserved