Reset a users domain password

[Guest]

(This is what i need to do,)
most of my users are remote, when the pasword policy exspires the pasword
needs to be changed, being remote , the password cant be changed and the user
gets lock out,
How can i let my remote users change there AD domain password thu our VPN?
before it exspires, is there some 3rd party software that can do this?

thanks,

 

[Ace Fekay [MVP]]

In

(This is what i need to do,)
most of my users are remote, when the pasword policy exspires the
pasword needs to be changed, being remote , the password cant be
changed and the user gets lock out,
How can i let my remote users change there AD domain password thu our
VPN? before it exspires, is there some 3rd party software that can do
this?

thanks,

If you use OWA, you can set it up to allow them to change passwords thru the
OWA Options.

Otherwise, you are rather limited with choices.


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Try using Outlook Express or any other newsreader, configure a news
account, and point it to news.microsoft.com. Anonymous access. It's
easy and it's free:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or
peaches... Life is more like a jar of jalapenos. What you do today
may burn your butt tomorrow." - Garfield

 

[Guest]

Thanks for your help,
let me ask you this , once a users changes there password with OWA , will
the new password be cached to there laptop? or will they have 2 passwords
until they come into the office? the laptops are joined to the Domain.

 

[Ace Fekay [MVP]]

In

Thanks for your help,
let me ask you this , once a users changes there password with OWA ,
will the new password be cached to there laptop? or will they have 2
passwords until they come into the office? the laptops are joined to
the Domain.

There's two different things going on with passwords. If it's changed using
OWA while the laptop is not logged on, then no, it will not go into the
user's cached credentials. Reason is the LSA handles that part when the user
physically logs on to the laptop using domain credentials. The user will
still need to log on with domain credentials onto the laptop for cached
credentials to work. Do you have a VPN in use?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Try using Outlook Express or any other newsreader, configure a news
account, and point it to news.microsoft.com. Anonymous access. It's
easy and it's free:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or
peaches... Life is more like a jar of jalapenos. What you do today
may burn your butt tomorrow." - Garfield

 

[Ace Fekay [MVP]]

In

Thanks for your help,
let me ask you this , once a users changes there password with OWA ,
will the new password be cached to there laptop? or will they have 2
passwords until they come into the office? the laptops are joined to
the Domain.

Re-reading the original post, you can have them change their password using
OWA, then have them connect using the VPN so they have to logon using their
new password. What type of VPN? If a third party VPN (Pix?), are you using
RADIUS to AD for authentication?

Ace

 

[Guest]

We are using a cisco ASA 5520 Device for our VPN, and we use AD for
authentication

 

[Ace Fekay [MVP]]

In

We are using a cisco ASA 5520 Device for our VPN, and we use AD for
authentication

Then it looks like you will need to go to the OWA route to change passwords.
Here are a couple articles to assist you in setting up OWA to be able to do
this:

Implementing the Change Password feature with Outlook Web Access
http://support.microsoft.com/kb/297121

Enable Password Changing through OWA in Exchange 2003
http://www.petri.co.il/enable_password_changing_through_owa_in_exchange_2003.htm

Ace

 

[Guest]

OK thanks,
--
A+, MCSE, CCNA, CCAI

In

Then it looks like you will need to go to the OWA route to change passwords.
Here are a couple articles to assist you in setting up OWA to be able to do
this:

Implementing the Change Password feature with Outlook Web Access
http://support.microsoft.com/kb/297121

Enable Password Changing through OWA in Exchange 2003
http://www.petri.co.il/enable_password_changing_through_owa_in_exchange_2003.htm

Ace

 

[Guest]

We have a sales force with laptops. They log into our domain once or
twice a month, then spend the rest of their time on the road.

We have started to expire passwords, but are running into cache
credential issues. For example, John Doe logs into the LAN with password of
december22. His password expires while he is out of the office.
When he attempts to log into OWA 2003, he is prompted for a new password.
He changes his password to december33 and successful accesses OWA.
However, the next time he attempts to log into his laptop with december33,
he gets invalid password, because cached credentials are looking for
december22.

Any suggestions?

 

[Ace Fekay [MVP]]

In

We have a sales force with laptops. They log into our domain once or
twice a month, then spend the rest of their time on the road.

We have started to expire passwords, but are running into cache
credential issues. For example, John Doe logs into the LAN with
password of december22. His password expires while he is out of the
office.
When he attempts to log into OWA 2003, he is prompted for a new
password. He changes his password to december33 and successful
accesses OWA. However, the next time he attempts to log into his
laptop with december33, he gets invalid password, because cached
credentials are looking for december22.

Any suggestions?

Since you are using the Cisco VPN, is it setup to start with the laptop
coming up or does the user have to invoke it after they logon? Ideally, have
it set to autostart BEFORE they logon to the laptop, this way they are
forced to logon and establish the VPN using the new credentials, which
Windows will now take. Try that out and post back.

 

[Darren]

Maybe I'm wrong and excuse me if I am, but can the user change their
password by ctrl-alt-delete while VPN into the network ? won't this work ??
Just me "two cents"

 

[Ace Fekay [MVP]]

In

Maybe I'm wrong and excuse me if I am, but can the user change their
password by ctrl-alt-delete while VPN into the network ? won't this
work ?? Just me "two cents"

Yes, once they're VPN'd in. But his is a chicken/egg issue.

Ace