Active Directory Password Solution

andy_ng
New Contributor

Hi all,

We are currently a mixed Windows / OS X house and have recently put in Casper to administer our Macs.

The Macs are not AD bound but we do use AD for certain services e.g. printing, WiFi (authentication) and emails (Exchange environment) etc.

Currently when staff are required to change their AD password (every 60 days), they will go onto OWA to change it.

Our new fearless leader has decided that we should migrate to Google mail for our email services and decommission the current exchange environment. The primary issue right now is finding a solution on how staff can change their password remotely without the use of OWA.

Any ideas would be much appreciated.

Thanks,

Andy

7 REPLIES 7

eti_andrei
New Contributor II

For our clients in similar situations, we opt for a web-based self-service password & account management portal. Of course, this all depends on the client's needs and budget.

Here are some tools we've deployed in the past:

https://www.manageengine.com/products/self-service-password/ (paid)

https://github.com/pwm-project/pwm (open source)

https://github.com/unosquare/passcore (open source - very basic)

jconte
Contributor II

We are AD bound for years without issue, you might want to look into Apple Enterprise Connect. You'll get different opinions from the community, but nonetheless it might help you out.

nkuhl30
Contributor

You can either port an old copy of iisadmpwd from Windows Server 2003 or use RD Web Access: http://www1.se.cuhk.edu.hk/~hmleung/wordpress/?p=1999

pchen_plaid
New Contributor II

I just rolled out Passcore myself.

iJake
Valued Contributor

Have you looked into Enterprise Connect from Apple Professional Services?
https://jamfnation.jamfsoftware.com/discussion.html?id=17757

EliasG
Contributor

@pchen_plaid How did you roll it out? Looking to to test it.

galionschools
Contributor

Passcore has an excellent, easy to use ui but it if you're looking for something to allow staff to change passwords when it expires it won't fit the bill. Similarly it doesn't like or allow a new password to be created if it's set in AD to "User must change password at next logon". Back to the drawing board for me at least.