Pricing  Get Quote
 
 

Features

ADSelfService Plus in action

How to update cached credentials for remote users using ADSelfService Plus

Supports password resets for Windows, macOS, and Linux OSs

Password-related issues of remote users

When employees work remotely, they may work in a different time zone than the IT team. In such cases, remote employees could be stranded for hours, unable to log in to their machine for an entire day or clock in to record their work hours. This isn't good for productivity. ADSelfService Plus enables Active Directory (AD) password reset for remote users by force updating the cached domain credentials in their machines through a VPN.

cached-credentials-update-diagram

ADSelfService Plus comes bundled with a logon agent that places a Reset Password/Account Unlock link on the password change screen. When a user clicks on the password reset link, it establishes a secure connection with AD through a VPN client and updates the local cached credentials

Remote password reset: How does it work?

  1. ADSelfService Plus places a Reset Password/Account Unlock link on the login screen of Windows, macOS, and Linux machines to enable self-service password reset. Clicking this link will open thepassword reset portal.

    remote-password-reset-how-does-it-work

  2. Users are required to prove their identity through any one of the enforced authentication methods, like SMS-based one-time passwords (OTPs), email-based OTPs, Google Authenticator, DUO Security, and RSA SecurID.

    enforced-authentication-methods

    Important:

    1. Users must be enrolled in ADSelfService Plus to utilize the self-service password reset and self-service account unlock capabilities.
    2. Enrollment is a one-time process where users enter their mobile number and email address, set answers to security questions, and provide other details in ADSelfService Plus in order to register for self-service password management. Learn how to enroll users.
  3. Once a user’s identity is successfully verified, they will be allowed to reset their forgotten AD domain passwords.

    Tip: Ensure password security. Use the Password Policy Enforcer to enforce strong user passwords by including special characters and blacklisting dictionary words and patterns.

    password-policy-enforcer-screen

    • ADSelfService Plus resets the AD password and alerts the logon agent about the successful completion.
    • The logon agent establishes a secure connection with AD through a VPN client and initiates a request for updating the local cached credentials.
    • After the request is successfully approved by AD, the cached credentials are locally updated on the user's machine.

Installing the ADSelfService Plus logon agent on users' machines

Before users can reset forgotten passwords from their login screen, admins have to deploy the logon agent on users’ machines in any of the following ways:

  1. 1. From the ADSelfService Plus admin console
    1. Download and install ADSelfService Plus.
    2. Navigate to the Configuration tab → Administrative ToolsGINA/Mac/Linux.
    3. Click GINA/Mac/Linux Installation.
    4. In the New Installation section, choose the required Domain from the drop-down.
    5. Click Add OUs to select the OUs for which the logon agent must be installed. Click Get Computers.
    6. Now, select the computers to which the logon agent needs to be pushed.

      installing-the-adselfService-plus-logon-agent

    7. Click Install.
  2. 2. Installation via GPO

    Click here for the steps.

  3. 3. Installation via SCCM

    Click here for the steps.

  4. 4. Manual installation
    1. Paste the MSI package (Location: C:\ManageEngine\ADSelfService Plus\bin) in the client machine.
    2. Begin the Client Software Setup Wizard and complete the required steps.
 

See this feature inaction now!

By clicking 'Talk to an expert', you agree to processing of personal data according to the Privacy Policy.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link