ADSelfService Plus in action
How to update cached credentials for remote users using ADSelfService Plus
Supports password resets for Windows, macOS, and Linux OSs
Password-related issues of remote users
When employees work remotely, they may work in a different time zone than the IT team. In such cases, remote employees could be stranded for hours, unable to log in to their machine for an entire day or clock in to record their work hours. This isn't good for productivity. ADSelfService Plus enables Active Directory (AD) password reset for remote users by force updating the cached domain credentials in their machines through a VPN.
ADSelfService Plus comes bundled with a logon agent that places a Reset Password/Account Unlock link on the password change screen. When a user clicks on the password reset link, it establishes a secure connection with AD through a VPN client and updates the local cached credentials
Remote password reset: How does it work?
- ADSelfService Plus places a Reset Password/Account Unlock link on the login screen of Windows, macOS, and Linux machines to enable self-service password reset. Clicking this link will open thepassword reset portal.
- Users are required to prove their identity through any one of the enforced authentication methods, like SMS-based one-time passwords (OTPs), email-based OTPs, Google Authenticator, DUO Security, and RSA SecurID.
- Users must be enrolled in ADSelfService Plus to utilize the self-service password reset and self-service account unlock capabilities.
- Enrollment is a one-time process where users enter their mobile number and email address, set answers to security questions, and provide other details in ADSelfService Plus in order to register for self-service password management. Learn how to enroll users.
- Once a user’s identity is successfully verified, they will be allowed to reset their forgotten AD domain passwords.
Tip: Ensure password security. Use the Password Policy Enforcer to enforce strong user passwords by including special characters and blacklisting dictionary words and patterns.
- ADSelfService Plus resets the AD password and alerts the logon agent about the successful completion.
- The logon agent establishes a secure connection with AD through a VPN client and initiates a request for updating the local cached credentials.
- After the request is successfully approved by AD, the cached credentials are locally updated on the user's machine.
Installing the ADSelfService Plus logon agent on users' machines
Before users can reset forgotten passwords from their login screen, admins have to deploy the logon agent on users’ machines in any of the following ways:
- 1. From the ADSelfService Plus admin console
- Download and install ADSelfService Plus.
- Navigate to the Configuration tab → Administrative Tools → GINA/Mac/Linux.
- Click GINA/Mac/Linux Installation.
- In the New Installation section, choose the required Domain from the drop-down.
- Click Add OUs to select the OUs for which the logon agent must be installed. Click Get Computers.
- Now, select the computers to which the logon agent needs to be pushed.
- Click Install.
- 2. Installation via GPO
Click here for the steps.
- 3. Installation via SCCM
Click here for the steps.
- 4. Manual installation
- Paste the MSI package (Location: C:\ManageEngine\ADSelfService Plus\bin) in the client machine.
- Begin the Client Software Setup Wizard and complete the required steps.