Pricing  Get Quote

Cached Credentials

Update Windows cached credentials using ADSelfService Plus

Start free trial

ADSelfService Plus—an identity security solution with adaptive MFA, single sign-on, and password management capabilities—allows users to securely reset their passwords in Active Directory, automatically update cached domain credentials remotely on their machines, and more.

What are Active Directory cached credentials?

When a user logs into an Active Directory domain for the first time, a form of the login credentials is cached locally on their machine (example: Windows 10 or Windows 7 laptops). Every subsequent time the user tries to log on to their Windows machine, that login information is verified against the cached Active Directory login credentials stored in the machine. If the verification succeeds, the user is then allowed to access the machine. This cached credential allows users to log on to their Windows machines when they have no way of reaching the domain controller for authentication.

What are some common issues faced by remote users?

In some cases, remote Active Directory users are unable to access their machines since their cached credentials have expired. Users are typically prompted to change their soon-to-expire Active Directory passwords from their Windows taskbar, but this doesn't happen unless they connect to their corporate network via a virtual private network (VPN) or by using a remote desktop protocol (RDP) connection.

In some cases, remote users are unable to access their machines since their cached credentials have expired. Some users seldom connect to their corporate network via a virtual private network (VPN) or use remote connections (RDP), so they're not prompted to change their soon-to-expire Active Directory passwords from their Windows taskbar.

How can remote users update Windows cached credentials?

ADSelfService Plus comes bundled with a GINA/CP client, which places the Reset Password/Account Unlock link right on the Windows logon screen once installed. By clicking this link, users can reset their domain passwords. After a successful remote AD password reset, the cached password is automatically updated in the user's machine.

How ADSelfService Plus updates cached credentials

Cached Credentials Update
  • When remote users forget their Windows passwords, they can use ADSelfService Plus’ GINA/CP client to reset their password right from the logon screen of their machines. For more information on the GINA/CP client, click here.
  • ADSelfService Plus resets the password in Active Directory and notifies the GINA/CP client that the reset operation is successful.
  • The GINA/CP client establishes a secure connection with Active Directory through a VPN client, such as Fortinet or Cisco AnyConnect, and initiates a request to update the local cached credentials.
  • After the request is approved by Active Directory, ADSelfService Plus ensures a forced cached credentials update in the users' machines. Click here for a step-by-step guide on how to enable cached password updates and configure VPN settings.

Windows versions that support cached credentials update using ADSelfService Plus:

Windows server versions: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008.

Windows client versions: Windows 11, Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Vista.

Benefits of ADSelfService Plus


    Completely eliminate password reset calls

    Automatically update cached credentials for remote users and empower users to perform self-service actions, eliminating password reset requests.


    Improve employee productivity

    Give remote users the ability to regain access to their machines quickly even if they forget their passwords, which helps avoid any major business interruptions.


    Reduce costs

    The process of calling the help desk and creating a password reset ticket, bringing the machine to a corporate location for re-authentication to the AD domain, and caching the new credentials is time consuming and expensive. ADSelfService Plus eliminates this process with auto-update of cached credentials.

Allow remote users to update Active Directory
cached credentials from their login screens.

Download Now  

ADSelfService Plus also supports


    Adaptive MFA

    Enable context-based MFA with 19 different authentication factors for endpoint and application logins.

    Learn more  

    Enterprise single sign-on

    Allow users to access all enterprise applications with a single, secure authentication flow.

    Learn more  

    Remote work enablement

    Enhance remote work with cached credential updates, secure logins, and mobile password management.

    Learn more  

    Powerful integrations

    Establish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.

    Learn more  

    Enterprise self-service

    Delegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.

    Learn more  

    Zero Trust

    Create a Zero Trust environment with advanced identity verification techniques and render your networks impenetrable to threats.

    Learn more  

ADSelfService Plus trusted by