Password changes using SharePoint

cyberservices
cyberservices used Ask the Experts™
on
Here is the situation:

I have over 100 users who are remote from the corporate office who access SharePoint with an active directory account. There system is not at the corporate office they only access SharePoint through a browser. Their account is created by the IT department and sent to them via email. Once the account has reached 90 days the password needs to be changed. However, there is no prompt for them to change it. I believe that SharePoint doesn't provide this feature. What can be done or other options?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
SeanSystem Engineer

Commented:
I would suggest a powershell script to check password age and send an email out to the users when it will expire in x number of days.
E ATech Lead

Commented:
Check this article to notify users via email when their passwords expire:
http://expert-advice.org/2017/01/automate-password-change-notification-email/

You can create a group where you apply the 90-day policy. First, query AD to get all users who have changed the password during the last 76 days. Then add them to the group.  

Fine-Grained Password and Account Lockout Policy Step-by-Step Guide:
https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

You may also get help from this password expiration notifier to automatically alert your users to change their passwords timely.

Hope this helps!
Distinguished Expert 2018

Commented:
You can allow users to use a webpart in sharepoint to change their passwords: http://glorix.blogspot.de/2007/10/ad-change-password-webpart.html
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Author

Commented:
Using SharePoint 2013 standard on premise. In Active directory I selected the option for a user to change the password the next time they log on. However, the option in the Windows Security dialog box does not give this option. It keeps coming back of just entering the password again. Is there a setting I'm missing or need to change? I believe there is no mechanism for SharePoint 2013 to change password. Is there a web part out there for SharePoint 2013?
Distinguished Expert 2018

Commented:
I guess my linked code would work in 2013 - did you try it?
Walter CurtisSharePoint AED
Distinguished Expert 2018
Commented:
You are correct, there is no way to change an AD password from SharePoint out of the box. As you mention, when you get the windows login dialog and it keeps coming back, that is a good indication that the account is locked because the password has expired or locked because the user exceeded the passwords tries count. This is very frustrating for sure.

The information about sending out a notifications is helpful, but still doesn't allow the user the opportunity to change the password. The web part suggested from McKnife looks promising, but I have never tried it.

Microsoft has a few products to handle this situation but they are not cheap and I am not sure what the current advisable Microsoft product is. In similar situation I have been it, either the company had a management tool such as Oracle ID Manager or used a home grown password reset solution, which worked great but took a lot of time to develop.

So in other words, I have no answer for you, just some additional information to consider.

Good luck...

Author

Commented:
I did find this: Password reset option in RD WebAccess on Windows Server 2012. But how do you set it up?
Distinguished Expert 2018
Commented:
Do you even have a RD session host that is accessible by these remote people? If not, you can't use that.

Author

Commented:
I can create one. But what documentation is available to install this host?
Walter CurtisSharePoint AED
Distinguished Expert 2018

Commented:
Thanks, good luck...
Distinguished Expert 2018

Commented:
I would not setup an RD session host just for password changes, that is a very weird idea and also has licensing costs (RD CALs) to consider.
You have not yet commented on the idea of using what I linked, a webpart for sharepoint that allows password changing within sharepoint.

Author

Commented:
I'm looking at a third party web part that will do just fine and send out emails when the password is ready to expire. Thanks everyone.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial