Pricing  Get Quote

Change Password

Active Directory password change

Changing passwords periodically is a healthy habit since it helps thwart cyberattacks that use stolen credentials. Security experts suggest that admins should ensure users change their passwords with effective password expiration policies.

Users can be notified by the administrator via email to change their passwords when they are about to expire. But in many organizations, users can only change their domain password when they are connected to the company network. So what happens if VPN and OWA users are not connected to the LAN when their passwords are about to expire?

Self-service password change

ADSelfService Plus is a web based, self-service password change solution that provides a secure portal to allow domain users to change their own passwords. Users can click on the Change Password tab on the web portal and change their Windows AD login passwords. Users change their passwords according to the password policy decided by the administrator, which will be displayed while setting the password.

Remote password change

With ADSelfService Plus, users can change their domain passwords remotely. Usually, when a user's domain password is changed, the change is reflected in AD but not on the user's local machine. That means that the cached credentials on the user's machine need to be updated for the change to take effect, otherwise they won't be able to log in to the system.

To avoid this, ADSelfService Plus gives you a login agent, which places a Reset Password/Account Unlock button right on the login screen. Users can click this button to reset their forgotten passwords right from their login screen. After a successful password reset, the cached password is updated on the users' machines.

How to change your AD domain password using ADSelfService Plus:

  • Log in to the ADSelfService Plus user portal, and go to the Change Password tab.
  • Enter your existing Active Directory or domain password in the Old Password field.
  • Provide a New Password, and re-enter it in the Confirm New Password field. Make sure your new password meets the complexity requirements.
  • Click Change Password.


Why you should use ADSelfService Plus for AD password changes


Custom password policies

Using the Password Policy Enforcer, users will only be able to create strong passwords that are immune to cyberattacks including brute-force attacks and dictionary attacks.


24x7 availability

Users can change their passwords from their browser or their mobile phone, anywhere at anytime.


Multi-factor authentication:

The password change process is contained within a portal that is secured with advanced authenticators such as YubiKey and biometrics.

Enforce strong passwords that render your network impenetrable with ADSelfService Plus.

Download free trial version  

A domain user may need a password change when:

  • Their password will expire soon.
  • An administrator asks them to change their password.
  • An administrator resets their password to the default value.

Changing a password vs. resetting a password

Resetting a password is the process of updating a password when the current password is forgotten. While Microsoft offers multiple ways for admins to go about this, ADSelfService Plus allows domain users to perform self-service password resets from its self-service portal by verifying users' identities with multiple authentication techniques configured during enrollment.

A password change does not require a validation process. It only requires the user to log in to the ADSelfService Plus end-user portal. When a user changes their password, they supply the old password along with the new password. If the old password is correct and the new password follows the password policy, the password will be successfully changed.

Complying with data privacy regulations through password policies

To protect organizational data, ensuring password security is vital. ADSelfService Plus helps you comply with the password and authentication requirements of IT regulations like HIPAA, the GDPR, NIST, the CJIS, and the PCI DSS through its features:

  • Password policy enforcer: Configure advanced password policies besides the default domain password policy and the fine-grained password policy available in AD during password changes. The advanced password requirements that can be enabled include:
    1. Banning dictionary words and keyboard sequences.
    2. Disallowing the use of consecutive characters from usernames and old passwords.
    3. Restricting the use of palindromes.
    4. Mandating the use of a specific type of first character.
  • Integration with Have I Been Pwned?: Check every password created during a change or reset via ADSelfService Plus against the Have I Been Pwned? database of previously breached passwords. If the new password is present in the database, the user is prevented from using it.
  • Multi-factor authentication: In addition to the username and password, configure additional methods of authentication to verify user identities during product logins for password changes. Admins can choose from the 18 supported authentication methods, including Yubico Authenticator, Google Authenticator, TOTPs, and biometrics.

Upgrade your password change experience with ADSelfService Plus

Download Now  

Some other benefits of ADSelfService Plus - Self Service Reset Password Management


1. What is a self-service Active Directory password change?

A self-service Active Directory password change is the process that enables users to securely change their own Active Directory passwords, remotely through a web-based portal or a mobile app, without help desk assistance.

2. Can PowerShell be used to change an Active Directory password?

PowerShell can only be used to reset user passwords and not change them. You can reset Active Directory password for either a single user or a group of users, but you cannot change Active Directory passwords using PowerShell. The difference between a password reset and change is that while resetting an Active Directory password, you don't have to enter your old password in the process. But, during a password change, you need to supply your old password.

3. What self-service Active Directory password change tool should I employ in my organization?

You can employ ManageEngine ADSelfService Plus' self-service Active Directory password change capability in your organization which secures self-service with adaptive MFA having strong authenticators, like biometrics, YubiKey, smart card, and time-based one-time password. Using ADSelfService Plus' simple and user-friendly console, end users can easily change their Active Directory passwords without help desk assistance.

To gain a better understanding of ADSelfService Plus' self-service password change capability, please schedule a personalized web demo with our solution experts or download a free, 30-day trial to try it out yourself.

4. How do I change a password in Active Directory with self-service using ADSelfService Plus?

To change your own Active Directory password using ADSelfService Plus, you need to log in to the ADSelfService Plus user portal, go to the Change Password tab, provide your existing Active Directory password, supply a new password, and save it. For detailed steps, click here.


Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by