Remote Active Directory user password reset management

ADSelfService Plus enables work-from-home (WFH) users to reset their AD passwords securely and remotely, so they can accomplish their work without interruptions or security concerns due to password issues.

Highlights

• Enables remote users to reset their AD domain passwords and update local cached credentials.
• Sends password expiration notifications to users and enables them to easily change their passwords from a web browser or a mobile app.
• Adds an extra layer of security by implementing two-factor authentication for remote desktop users.

The ADSelfService Plus advantage

Provides more value

ADSelfService Plus provides adaptive MFA for endpoints and cloud applications, adaptive SSO, password sync, password policy enforcer, and directory self-update, in addition to password reset and password expiration notification.

Reduces costs and improves productivity

Whether users are working from home or traveling, ADSelfService Plus enables them to handle domain password reset issues on their own.

Improves security posture

With MFA and password policy enforcer, ADSelfService Plus helps improve password security, and adds another layer of authentication to secure user accounts.

How to change Active Directory password remotely for WFH users

ADSelfService Plus supports self-service domain password reset for WFH and remote users by enabling users to reset Windows password from their own machines and updating the cached credentials with and without using a VPN client. Here’s how both methods work:

• ADSelfService Plus comes bundled with a login agent for Windows. Installing it in on the users’ machines will enable a Reset Password/Unlock Account link in the login screen.
• Users can use it to reset their password after determining their identity through a series of authentication methods including biometrics, SMS-based OTP, YubiKey, and soft token authenticator apps.
• ADSelfService Plus resets the users’ passwords in AD and also updates the local cached credentials in the users’ machines.
• Users can then use their new password to log in to their machine, as well as any application that uses AD credentials such as VPN, OWA, and SharePoint.

All you need to do is install ADSelfService Plus, configure remote domain password reset through VPN, and deploy its password reset login agent to the users’ machines. Now, when users working from home forget their passwords or their passwords expire, they can simply reset their passwords from the login screen of their machines.

Remote cached credentials update with VPN

Remote cached credentials update without VPN

Don’t let password expiration interrupt your remote workforce

Password expiration is another major reason remote users are unable to access network resources or get locked out of their accounts. ADSelfService Plus supports sending AD password expiration notifications to remote users through email, SMS, and push notifications. The notification is completely customizable, supports attachment, can be sent every day, or on particular days, and even be emailed to users’ managers to make sure the users reset their passwords before expiration.

Remote desktop two-factor authentication (2FA)

Another challenge with a remote workforce is to ensure security during remote desktop activities. ADSelfService Plus supports 2FA for local and remote desktop Windows logons. Admins can force 2FA for all users or only to remote desktop users by configuring organizational units (OUs) and group-based policies in ADSelfService Plus. They can also choose from twenty different authentication methods, including biometrics, YubiKey, Google Authenticator, SMS and email-based OTP, and push notification authentication.

Deploying ADSelfService Plus for remote Active Directory users

To make ADSelfService Plus available over the internet for remote users, refer to this guide. It contains step-by-step instructions, including how to set up a reverse proxy for improved security.