- Free Edition
- Quick Links
- MFA
- Self-Service Password Management
- Single Sign-On
- Password Synchronizer
- Password Policy Enforcer
- Employee Self-Service
- Reporting and auditing
- Integrations
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
Reduce password reset tickets and improve IT efficiency
Password reset requests are one of the most common causes of help desk overload. Every forgotten password or locked account delays employees, impacts productivity, and consumes valuable IT resources. In large enterprises, resolving password-related support calls can cost hundreds of thousands of dollars annually.
ADSelfService Plus is a powerful AD self-service password reset solution that enables users to reset passwords, unlock accounts, and regain access without contacting the help desk. Organizations can reduce costs, improve user experience, and strengthen identity security by automating password recovery.
Whether users forget their AD or other connected enterprise passwords, ADSelfService Plus helps them restore access in minutes.
Self-service password reset from anywhere, at any time
Modern organizations operate across remote or hybrid environments. Users need secure access to password recovery tools wherever they work. ADSelfService Plus enables self-service password reset through multiple channels:
Password reset from login screens
Allow users to reset passwords directly from Windows, macOS, and Linux logon screens.
Password reset from mobile devices
Users can securely reset passwords through Android and iOS devices using the ADSelfService Plus mobile app.
Password reset from remote networks
Users working outside the corporate network can reset passwords securely and update cached credentials without VPN dependency.
Password reset from web browsers
Enable users to reset passwords and unlock accounts through the ADSelfService Plus web portal.
Beyond AD self-service password reset: Multi-platform synchronization
ADSelfService Plus extends self-service password reset beyond AD environments and supports password synchronization across multiple enterprise applications, including:
- OpenLDAP
- AD LDS
- Google Workspace
- Salesforce
- Oracle DB
- MS SQL
- IBM AS400
- HP UX
- Other AD domains
This makes ADSelfService Plus ideal for organizations managing complex identity infrastructures.
How AD self-service password reset works
- A user initiates AD password reset by providing their AD username.
- ADSelfService Plus checks the users' enrollment status and policy settings, and presents a relevant MFA session.
- After successful identity verification, the user is presented with the password reset screen where they can reset their password with the help of the displayed password policies.
- Once the password is reset, ADSelfService Plus updates the AD with the new password. The user is then notified about the status of the AD password reset operation.
- The user will then be able to log in to their AD account using their new password.
Truly easy to use, to administer, and implement
- Marc Lehto, Kubota Materials
Multi-factor authentication security for AD password reset
Password reset systems must be secure against identity fraud and unauthorized access. ADSelfService Plus protects password recovery workflows with over 20 authentication methods, including:
- FIDO passkeys
- Fingerprint authentication
- Microsoft Authenticator
- Google Authenticator
- Duo Security
- YubiKey Authenticator
Using MFA for password reset, users' identities are protected beyond password takeovers. Fine-grained policies help admins apply stronger authentication workflows for privileged users or departments handling sensitive business data.
Authentication method comparison
Here is a comparison of the methods supporting MFA for password resets.
| Authentication method | Security level | User convenience | Best use case |
|---|---|---|---|
| FIDO passkeys | Very high | High | Sensitive environments |
| Biometrics | High | Very high | Mobile app password reset |
| Authenticator apps | High | High | General end users |
Conditional access for smarter AD self-service password resets
ADSelfService Plus supports conditional access policies based on contextual risk factors such as:
- IP address
- Device type
- Geolocation
- Business hours
For example, a password reset request from an unknown location outside office hours can automatically trigger stronger MFA verification.
This helps balance user convenience with stronger security controls.
Strong password policies to prevent credential attacks
ADSelfService Plus includes password policy enforcer to block weak passwords and improve password hygiene.
- Block predictable patterns: Prevent easy-to-guess sequences and common combinations.
- Block dictionary words: Stop passwords based on common words or phrases.
- Block repeated characters: Restrict passwords with repeated letters, numbers, or symbols.
- Block compromised passwords: Prevent the use of passwords exposed in known breaches.
Have I Been Pwned integration: ADSelfService Plus integrates with Have I Been Pwned? to screen passwords against breach databases and block unsafe choices.
These password security measures protect accounts from brute-force attacks, credential stuffing, and dictionary attacks by preventing users from creating weak, reused passwords.
Secure password reset for hybrid workforces
Remote users frequently need password resets while disconnected from the corporate network. ADSelfService Plus enables users to securely reset their passwords without requiring VPN access, ensuring they can quickly regain account access from anywhere. It offers cached credentials update to automatically refresh locally stored credentials after a password reset, allowing users to sign in without disruption. This helps organizations support hybrid work environments by eliminating VPN dependency, speeding up recovery for remote employees, reducing IT workload, and improving overall workforce productivity.
Common password reset tickets help desks receive
Without AD self-service password reset, IT teams often receive requests such as:
- I forgot my Windows password
- My Active Directory account is locked
- How do I reset my domain password?
- I cannot log in with my AD password
- Someone knows my password and I need to change it
- Can I reset my password from Ctrl+Alt+Del?
These repetitive tickets can be drastically reduced with ADSelfService Plus.
Ensure 100% user registration for AD self-service password reset
Self-service password reset only works when users are enrolled. ADSelfService Plus helps organizations maximize adoption with built-in enrollment tools.
-
Send alerts
Remind users to complete enrollment through email and push notifications.
-
Force enrollment
Require users to register when they sign in, with prompts that continue until enrollment is completed.
-
Preload user profiles
Pull existing AD details automatically to make signup quicker and easier.
-
Bulk enrollment
Enroll large groups of users at once by importing data from CSV files or external databases.
By enforcing self-service password reset enrollment, admins can observe:
- Faster AD self-service password reset rollout.
- Higher AD password reset adoption.
- Better MFA coverage for AD accounts.
Notification systems that improve user experience
Timely communication improves adoption and reduces confusion. ADSelfService Plus supports multiple password reset notification channels.
-
User notifications
Keep users informed with enrollment reminders, password reset confirmations, and important updates.
-
Login prompts
Show on-screen reminders during sign-in to encourage timely enrollment or required actions.
-
Manager notifications
Notify managers about pending user enrollments or important password reset activities when needed.
Why choose ADSelfService Plus as your self-service password reset software?
Improved ROI
Lower help desk costs and reduce password-related support volume.
Enhanced user experience
Allow users to resolve password issues instantly without waiting for IT.
Flexibility and security
Enable password reset from anywhere while enforcing MFA and conditional access.
Simplified auditing and reporting
Track password reset attempts, enrollment status, and policy compliance through centralized reports.
Highlights of ADSelfService Plus
Password self-service
Unburden Windows AD users from lengthy help desk calls by empowering them with self-service password reset and account unlock capabilities.
Multi-factor authentication
Enable context-based MFA with 20 different authentication factors for endpoint, application, VPN, OWA, and RDP logins.
One identity with single sign-on
Get seamless one-click access to more than 100 cloud applications. With enterprise single sign-on (SSO), users can access all their cloud applications using their Windows AD credentials.
Password and account expiry notifications
Notify Windows AD users of their impending password and account expiry via email and SMS notifications.
Password synchronization
Synchronize Windows AD user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Password policy enforcer
Strong passwords resist various hacking threats. Enforce Windows AD users to adhere to compliant passwords by displaying password complexity requirements.
FAQs
Self-service password reset empowers users to reset their own passwords after successfully verifying their identity without help desk assistance.
Self-service password reset is safer than a password reset performed by an IT administrator because the former ensures that only the user knows their newly reset password. The latter not only causes the IT admin to unnecessarily know a user's password, but it also exposes the password to attacks as it is transmitted over the network to the user.
In self-service password reset, users are verified with strong authentication factors, which adds to the security of the process.
Implementing self-service password reset drastically reduces the burden on the IT help desk, saves costs incurred due to password reset tickets, and enhances organizational security.
ADSelfService Plus is a self-service password reset tool that helps users reset their own AD passwords without IT assistance. Using ADSelfService Plus, users can easily reset their passwords either from a web portal, their logon screens, or their mobile devices.
To reset your password using ADSelfService Plus, go to ADSelfService Plus' password reset web portal, your machine's login screen, or the mobile app, and complete the required identity verification steps to reset your domain password. If you don't have ADSelfService Plus already installed, you can download and install the solution using these links.
