Forcing the change of a password for Users with an Active Directory account using a BYOD

Hello. I was wondering if somebody was able to help me.

Basically, we have several sites, all setup with Server 2008 and Active Directory.

We also use Subcontractors who join and leave the company at undisclosed times.

When we're made aware of one starting, it's usually the same day and we make an account for them on the Primary DC or whichever site is most local to that user. Usually, we just set the passwords for these users and give the password to their manager or Project director.

However, for security purposes, we need to start allowing the Subcontractors to change their own passwords, without a Domain enabled computer.

I know this is possible on Linux computers as we have a development team who all use Ubuntu and they're able to change their passwords on their Linux BYOD devices using a special script that is performed through Terminal. Basically, I need to know if something is possible with Windows computers (as most of our subcontractors tend to use Windows 8.1 laptops).

Thank you for taking the time to read through the problem I am having. I look forward to seeing your replies.

September 2nd, 2015 2:54am
Do you have any IM tools in your environment ? like FIM ? If it is there, you can do achieve the self service password reset for even non domain joined machines also.
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 3:27am
Hello Hema

I don't believe we do. Another solution would've been to ask the subcontractors to connect with the Guest SSID, so when they connect to that, it redirects them to a custom webpage where they login with the active directory details already given to them. Once they're logged in, it would then prompt for a password change there
September 2nd, 2015 3:55am

Hi Jacob Blackburn,

Thanks for your post.

As far as I know, you could only achieve the goal for the domain-joined computer. If you want to change passworad on the non domain joined machines, you could use the tool suggested by Hema.

Forefront Identity Manager Password Management

https://technet.microsoft.com/en-us/library/JJ590203(v=WS.10).aspx

Best Regards,

Mary Dong

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 10:20pm

Hi,

What you need is Adaxes. It has got a WebUI for AD that can be accessed even from devices that are not in the domain (for that you will have to put it in a DMZ). The thing about it is that you can let users perform basically any AD operations via their browser (including self-password reset). It's completely customizable and you can setup a separate WebUI specifically for your contractors that will have only a password reset form (if that is all you want them to be able to do). So it won't really matter what OS do your subcontractors use, all of them will be able to do same operations in AD.

More info here:

http://www.adaxes.com/active-directory_web-interface

http://www.adaxes.com/active-directory_self-service-password-reset

September 3rd, 2015 3:21am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics