Starting, accessing, and stopping ADSelfService Plus

    This section explains how to start and stop ADSelfService Plus and how administrators and end users can access the product. It also covers access methods across multiple platforms, including web browsers, native logon screens, and mobile devices.

    How it works

    ADSelfService Plus runs either as a Windows service or as a standalone application. Once started, the product hosts a web-based console that administrators use for configuration and that end users use for self-service actions such as password resets and account unlocks. Optional components, such as login agents and mobile apps, extend access to native logon screens and mobile devices.

    Prerequisites

    • ADSelfService Plus installed on a supported Windows server.
    • Administrative privileges on the host machine.
    • Network access to the ADSelfService Plus server and configured port (default port for HTTP is 8888 and HTTPS is 9251)
    • Supported web browser for console access
    • For mobile access:
      • Internet connectivity or internal network access to the ADSelfService Plus server
      • SSL enabled
    • For login screen access:
      • ADSelfService Plus login agent installed on end-user machines

    Limitations

    • When run as an application, ADSelfService Plus inherits the privileges of the logged-in user. If the user logs out, the session is terminated.
    • Mobile app deployment through ADSelfService Plus is supported only for iOS devices.
    • Offline access is not supported for the mobile web app.

    If ADSelfService Plus is installed as a Windows service:

    1. Open Services (services.msc).
    2. Locate ManageEngine ADSelfService Plus.
    3. Right-click the service and select Start, or select the service and click Start the service from the left pane.
    4. Verify that the Status column shows Running.
    Note: When run as a service, ADSelfService Plus uses the privileges of the configured service account (for AD) or Microsoft Entra ID application (for Entra ID).

    Exclude the ADSelfService Plus installation directory from antivirus, EDR, and XDR to prevent service interruptions.

    Starting ADSelfService Plus as an application

    If ADSelfService Plus is not installed as a service:

    1. Navigate to Start > Programs > ADSelfService Plus > Start ADSelfService Plus.
    2. The ADSelfService Plus client automatically launches in the default web browser.
    Note: > On systems with a firewall enabled, Windows may display a security alert for Zulu Platform and wrapper file. Ensure the program is allowed to communicate through the firewall.

    Accessing the ADSelfService Plus web console

    To access the ADSelfService Plus client manually:

    1. Open a supported web browser.
    2. Enter http://<hostname>:8888 in the address bar.
      • Replace <hostname> with the DNS name or IP address of the server.
      • Replace 8888 if a custom port is configured.
    3. Log in using the default credentials:
      • Username: admin
      • Password: admin

    You are prompted to change the password after applying the product license. Use the updated password for all subsequent logins.

    Accessing ADSelfService Plus from native logon screens

    ADSelfService Plus can be accessed directly from the native logon screens of Windows, macOS, and Linux machines, allowing users to reset passwords or unlock accounts without logging in.

    To enable this functionality:

    1. Deploy the ADSelfService Plus login agent on end-user machines.
    2. The agent extends the native logon screen with self-service options.

    For platform-specific instructions, refer to the Windows, macOS, or Linux login agent installation guides.

    Accessing ADSelfService Plus from mobile devices

    ADSelfService Plus provides mobile access through:

    • Native iOS and Android apps
    • A mobile web app for other platforms

    You can download the iOS app from the App Store and the Android App from the Play Store. The mobile web app can be accessed from mobile web browsers like Google Chrome.

    Tip: If you have enabled the desktop site option by default, in your mobile browser settings, you can use the URL http://servername:8888/m/home.

    Supported self-service actions include:

    • Reset password
    • Unlock account (AD-specific)
    • Change password
    • Enrollment
    • Push notifications

    Configuring the iOS and Android apps

    Before users can use the mobile app, they have to configure the app to communicate with the ADSelfService Plus server.

    The mobile app can be configured using one of the following methods:

    Manual configuration by the user

    1. Open the ADSelfService Plus mobile app.
    2. Tap Server Settings.
    3. In the Server Settings page, enter the Server name or IP address of the ADSelfService Plus server.
    4. Enter the Port number.
    5. Enable SSL by switching the Protocol toggle to HTTPS, if required.
    6. Tap Save.

    Configuration using a QR code

    1. Open the ADSelfService Plus mobile app and tap Server Settings.
    2. Tap Scan QR Code on the bottom left-corner of the home screen.
    3. Log in to the ADSelfService Plus self-service portal using a web browser. You can also click on either the Reset Password or Unlock Account button.
    4. Click Mobile Access.
    5. Scan the displayed QR code using the mobile app to configure the server settings automatically.
    Note: > The Access URL is automatically embedded in the QR code. For more information about Access URL, please click here.

    Configuration using the mobile app deployment feature (iOS only)

    To deploy and configure the mobile app remotely:

    1. Log in to ADSelfService Plus.
    2. Navigate to Configuration > Administrative Tools > Mobile App Deployment.
    3. Select the domain and click Configured Devices.
    4. Select the target devices.
    5. Choose Install and configure app.
    6. Click Install.

    The following values are automatically used for configuring the server:

    • Server name: Hostname specified in the SSL certificate
    • Port: ADSelfService Plus listening port
    • Protocol: HTTPS

    You can also use third-party MDM tools such as ManageEngine Mobile Device Manager Plus. Use the following parameters:

    • serverName
    • serverPort
    • ServerProtocol

    Launching the mobile web app

    1. Open a web browser from your mobile.
    2. Enter http://<hostname>:8888 in the address bar of the mobile browser. Here hostname refers to the machine where ADSelfService Plus is running and 8888 denotes the port number.
    3. Log in to access supported self-service features.

    Stopping ADSelfService Plus

    When running as an application

    1. Navigate to Start > Programs > ADSelfService Plus > Stop ADSelfService Plus. Alternatively, you can also right-click the ADSelfService Plus system tray icon and shut down the application using the Shut Down Server option.
    When running as a Windows service

    1. Open Services (services.msc).
    2. Select ManageEngine ADSelfService Plus.
    3. Click Stop the service.

    Tips

    • Always run ADSelfService Plus as a Windows service in production environments.
    • Enable SSL and configure a public-facing Access URL for secure remote and mobile access.
    • Deploy login agents and mobile apps in advance to reduce help desk calls during password-related incidents.
    • Regularly review firewall, antivirus, and network settings after product upgrades.