This may be a stupid questions but I've got a new AD implimentation and have created all the users with a user unique password that they know, but I've also set it to force a pw change at login. The only thing we have in this new domain is a SP 2007 web site (with servers and controllers), but we want to migrate a few thousand users after we get this issue solved. I'd like to point users to a website that would force them to change their AD pw and then pass them on to the SP site. I don't want to take the time to implement an IdM solution or a tree sync, I just want the users to enter the pw of their choice on non-AD PCs through a browser and at a very low cost and work. I've thought about a Kerberos server and a web part, but didn't want to take the time to learn it. Any ideas?