Remote password management: How to allow users to change expired passwords when outside the domain network and cannot log in to RDP?

Remote password management: How to allow users to change expired passwords when outside the domain network and cannot log in to RDP?

Admins enable the Password Expiration Notification feature to remind users of impending password expiration option to ensure that users change passwords periodically. This can help prevent cybercriminals from gaining access to sensitive data, even if they have stolen user credentials. However, remote users' Active Directory passwords expire because:

  1. They connect to their corporate network via VPN using cached credentials or initiate only a remote connection (RDP), and are not prompted to change their password.
  2. They use Outlook Web Access (OWA) and never log on interactively to see Windows notifications in their taskbar.

As a result, users are forced to call the help desk team for assistance. This is not an optimal solution as it increases the number of help desk calls and reduces employee productivity.

password-expiry-notification-user-guide-1

ADSelfService to the rescue: Send password expiration notifications and enable remote password change from a web-browser

ADSelfService Plus' Password Expiration Notifier alerts users about their impending Active Directory password expiration via SMS, email, or push reminders. Harder to ignore than the bubble messages from the task bar, SMS or email password reminders encourage users to change their soon-to-expire passwords immediately from a secure web-portal: ADSelfService Plus end user portal.





ADSelfService Plus supports sending multiple reminders at specified intervals to have your users proactively change their passwords before they expire. Admins can also send customized password expiration messages to different sets of users based on their OU and group membership.

How to configure password expiration notification in ADSelfService Plus?

  1. Go to Configuration > Password Expiration Notification > Add new notification.
  2. Select the domain, notification type, notification medium, and enter the scheduler name.
  3. Configure the notification frequency. For instance, admins can choose to send a password expiration alert seven days before the password expires; then send a second reminder five days before expiration; a third, three days before expiration; and a fourth and final reminder a day before the password expires.
  4. Click Save.

Active Directory user password expired: What now?

If users don't change their passwords despite receiving the notifications, ADSelfService Plus empowers them to change their Active Directory password from any web-browser, from anywhere, at any time. This means, ADSelfService Plus also remotely updates the cached password stored in users' machines.

password-expiry-notification-user-guide-6

How to enable password change in ADSelfservice Plus?

  1. Go to Configuration > Self-Service > Policy Configuration.
  2. Select Change Password.

    password-expiry-notification-user-guide-7

  3. Click Select OUs/Groups to granularly select which set of users need to be allowed to change their passwords.

Other notable highlights of Password Expiration Notification:

  1. Account expiration notifier: Notify Active Directory users about their impending account expiration.
  2. Compliance: Helps comply with PCI DSS and HIPAA regulations.
  3. Advanced reports: An overall summary of all the notifications sent to users will be emailed to your admins and managers to identify potential problems and resolve any issue before they arise.

                  New to ADSelfService Plus?

                    • Related Articles

                    • How to enable multi-factor authentication for RDP

                      Generally, remote employees use Microsoft Remote Desktop Protocol (RDP) to connect to their work devices from an external network, using only a password to authenticate their devices. This makes RDP-based access highly vulnerable to password-based ...
                    • How to update cached credentials for remote users with ADSelfService Plus

                      Remote users' password challenges Remote employees may often work in a different time zone than the IT team. In such a situation, if a remote employee forgets their password, they could be stranded for hours, unable to log in to their machine for an ...
                    • How to disallow palindrome passwords using ADSelfService Plus

                      Having a secure password is of paramount importance to ensure the safety of your network. A password's strength depends on the length of the password, the different types of characters used, the number of repeated characters, the sequence of ...
                    • How to turn off ADSelfService Plus license expiration notification

                      To disable ADSelfService Plus license expiration notification, please follow the steps given below: Log in to ADSelfService Plus as a Super Admin. Click the Admin tab in ADSelfService Plus. Go to Product Settings > Mail/SMS Settings. Under the Mail ...
                    • Multi-factor authentication techniques in ADSelfService Plus

                      Let's take a look into the various authentication methods supported by ADSelfService Plus for enterprise multi-factor authentication (MFA). Why should you use MFA? Authentication based solely on usernames and passwords is no longer considered secure. ...