• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 59
  • Last Modified:

Password changes using SharePoint

Here is the situation:

I have over 100 users who are remote from the corporate office who access SharePoint with an active directory account. There system is not at the corporate office they only access SharePoint through a browser. Their account is created by the IT department and sent to them via email. Once the account has reached 90 days the password needs to be changed. However, there is no prompt for them to change it. I believe that SharePoint doesn't provide this feature. What can be done or other options?
0
cyberservices
Asked:
cyberservices
  • 4
  • 4
  • 2
  • +2
2 Solutions
 
SeanSystem EngineerCommented:
I would suggest a powershell script to check password age and send an email out to the users when it will expire in x number of days.
0
 
Ajit SinghCommented:
Check this article to notify users via email when their passwords expire:
http://expert-advice.org/2017/01/automate-password-change-notification-email/

You can create a group where you apply the 90-day policy. First, query AD to get all users who have changed the password during the last 76 days. Then add them to the group.  

Fine-Grained Password and Account Lockout Policy Step-by-Step Guide:
https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

You may also get help from this password expiration notifier to automatically alert your users to change their passwords timely.

Hope this helps!
0
 
McKnifeCommented:
You can allow users to use a webpart in sharepoint to change their passwords: http://glorix.blogspot.de/2007/10/ad-change-password-webpart.html
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
cyberservicesAuthor Commented:
Using SharePoint 2013 standard on premise. In Active directory I selected the option for a user to change the password the next time they log on. However, the option in the Windows Security dialog box does not give this option. It keeps coming back of just entering the password again. Is there a setting I'm missing or need to change? I believe there is no mechanism for SharePoint 2013 to change password. Is there a web part out there for SharePoint 2013?
0
 
McKnifeCommented:
I guess my linked code would work in 2013 - did you try it?
0
 
Walter CurtisSharePoint AEDCommented:
You are correct, there is no way to change an AD password from SharePoint out of the box. As you mention, when you get the windows login dialog and it keeps coming back, that is a good indication that the account is locked because the password has expired or locked because the user exceeded the passwords tries count. This is very frustrating for sure.

The information about sending out a notifications is helpful, but still doesn't allow the user the opportunity to change the password. The web part suggested from McKnife looks promising, but I have never tried it.

Microsoft has a few products to handle this situation but they are not cheap and I am not sure what the current advisable Microsoft product is. In similar situation I have been it, either the company had a management tool such as Oracle ID Manager or used a home grown password reset solution, which worked great but took a lot of time to develop.

So in other words, I have no answer for you, just some additional information to consider.

Good luck...
0
 
cyberservicesAuthor Commented:
I did find this: Password reset option in RD WebAccess on Windows Server 2012. But how do you set it up?
0
 
McKnifeCommented:
Do you even have a RD session host that is accessible by these remote people? If not, you can't use that.
0
 
cyberservicesAuthor Commented:
I can create one. But what documentation is available to install this host?
0
 
Walter CurtisSharePoint AEDCommented:
Thanks, good luck...
0
 
McKnifeCommented:
I would not setup an RD session host just for password changes, that is a very weird idea and also has licensing costs (RD CALs) to consider.
You have not yet commented on the idea of using what I linked, a webpart for sharepoint that allows password changing within sharepoint.
0
 
cyberservicesAuthor Commented:
I'm looking at a third party web part that will do just fine and send out emails when the password is ready to expire. Thanks everyone.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 4
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now