- Free Edition
- Quick Links
- Multi-factor authentication
- Adaptive MFA
- Active Directory MFA
- Conditional access
- Passwordless authentication
- Endpoint MFA
- MFA for remote and local Windows logons
- MFA for Windows servers
- MFA for remote and local macOS logons
- MFA for remote and local Linux logons
- MFA for VPN logons
- MFA for OWA logons
- MFA for RDP
- Offline MFA
- MFA for UAC
- Device-based MFA
- MFA for cloud apps
- MFA for Microsoft 365 users
- Phishing-resistant MFA More..
- Password management
- Password management and security
- Self-service password reset
- Self-service account unlock
- Web-based domain password change
- Password expiration notifications
- Password synchronization
- Password policy enforcer
- Cached credentials update
- Reporting and auditing
- Password self-service from logon screens
- Help-desk-assisted password reset
- Mobile password management
- Password security and compliance More..
- Single sign-on
- Remote work enablement
- Enterprise self-service
- Reporting and auditing
- Zero trust
- Integrations
- Security
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
Active Directory self-service password reset
Password reset tickets are the bane of both IT teams and end users. When the number of password reset tickets increases, IT teams often push more critical issues down the queue so users don't have to put their work on hold for too long while their passwords are reset. When left unchecked, password reset tickets can become quite expensive. Unsurprisingly, several large businesses have spent close to a million dollars resolving their password-related help desk calls.
ADSelfService Plus, an identity security solution with MFA, SSO, and self-service password management capabilities, can eliminate your IT team's password reset tickets by empowering your end users with self-service. Whether it's a forgotten Microsoft 365 or AD password, ADSelfService Plus enables users to reset their passwords on their own without IT assistance.
Self-service password reset from anywhere, at any time
With the increasing adoption of cloud applications and BYOD policies, users are leveraging multiple access points aside from their workstations to complete their tasks. ADSelfService Plus enables users to perform self-service password resets and account unlocks regardless of their location.
Password reset from logon screens
Allow users to reset passwords from their Windows, macOS, and Linux login screens.
Learn morePassword reset from mobile devices
Empower users to reset their passwords from their Android and iOS devices.
Learn morePassword reset from a private network
Allow users to update their locally cached credentials after a remote password reset.
Learn morePassword reset from web browsers
Enable users to securely reset their password using ADSelfService Plus' web portal.
Supported platforms
ADSelfService Plus supports multiple user directories for self-service password reset, including: AD, Microsoft 365, OpenLDAP, AD LDS, Google Workspace, MS SQL, Salesforce, IBM AS400, HP UX, and Oracle DB.
How self-service password reset works
- A user who has forgotten their password initiates a password reset request from either the ADSelfService Plus web portal's login screen, their machine's login screen, or using the ADSelfService Plus mobile app.
- ADSelfService Plus checks the users' enrollment status and the policy settings applicable to them, and presents relevant MFA authenticators to the user from a list of 20 different supported MFA authenticators.
- After successful identity verification, the user is presented with the password reset screen where they can reset their password with the help of the displayed password policies.
- Once the password is reset, ADSelfService Plus updates the AD with the new password. The user is then notified, either through email, SMS, or push notification, about the status of the password reset operation.
- The user will then be able to log in to their account using their new password.
Stringent MFA techniques to secure password resets
ADSelfService Plus enables admins to trigger a preconfigured authentication workflow once users initiate a self-service password reset request. It offers 20 different authentication techniques including FIDO passkeys, biometrics, and YubiKey to authenticate users during self-service password reset and account unlock. Some users have access to sensitive business data, and if their accounts are hacked by an attacker, it can lead to disastrous consequences. To combat this, ADSelfService Plus offers admins the option to enforce authenticators of varying intensities for different types of users.
Conditional access policies to automate access control
ADSelfService Plus' conditional access policies allow admins to set context-based rules or conditions to vary the intensity of the authentication process for self-service password reset. The authentication factors present to users are altered based on their IP address, time of request, device used, and geolocation. For example, if an AD self-service password reset request is received from an untrusted IP address outside of business hours, the user will be presented with more stringent authenticators for identity verification as configured.
Strong passwords that can thwart various password attacks
ADSelfService Plus' Password Policy Enforcer provides stringent password policies that restrict the use of predictable patterns, dictionary words, and repeated characters in newly created passwords. Also, by integrating ADSelfService Plus with Have I been Pwned, a breached password database, you can block weak and compromised passwords from your organization. This way, you can defend against multiple password-based cyberattacks, including brute-force, credential stuffing, and dictionary attacks.
Secure remote password reset for hybrid work environments
ADSelfService Plus allows users to reset their passwords securely from anywhere, at any time. This means that they can perform a remote self-service password reset even when they are not connected to the organization's network. ADSelfService Plus' cached credentials update feature then updates their locally cached credentials with the newly reset password, ensuring uninterrupted user productivity and reduced IT workload.
Supported authenticators for password self-service
ADSelfService Plus supports many authentication factors to secure password self-service, such as:
For the complete list of authenticators, click here.
FIDO passkeys
Fingerprint authentication
Microsoft Authenticator
TOTPs
Duo Security
YubiKey Authenticator
Types of password reset tickets admins and help desk teams encounter from end users
- I have forgotten my Windows password.
- I am unable to log in to my account.
- Someone has changed my Windows AD password, and I want to reset it.
- I am unable to log in to my account with my AD domain password.
- How do I recover my AD account?
- How do I change or reset my Windows AD password?
- I have shared my password with a colleague and want to change it. How do I change my AD password?
- Can I use my colleague's machine and change my domain password using a password self-service web portal?
- Can I change my password myself from the Ctrl+Alt+Del screen?
These routine password queries can be eliminated using a self-service password reset tool, and your best bet is ADSelfService Plus.
Ensure 100% enrollment with ADSelfService Plus
Before users can take advantage of password self-service using ADSelfService Plus, they must be fully enrolled in MFA. To make the enrollment process smooth for both IT administrators and end users, ADSelfService Plus allows you to:
-
Send alerts
Notify users to enroll in MFA via email and push notifications.
-
Force users to enroll
Force users to enroll when they log in to their machines with a persistent pop-up dialogue box.
-
Preload user profiles
Utilize users' existing AD information for enrollment.
-
Upload enrollment data
Automatically enroll users by importing necessary enrollment data from an external database or using CSV files.
Why choose ADSelfService Plus as your self-service password reset software?
Improved ROI
Witness drastic reductions in password-related tickets and help desk costs after deploying ADSelfService Plus. You can calculate the ROI you get on deploying ADSelfService Plus here.
Enhanced user experience
Empower users to securely manage their own passwords and profile information, adding value to their role in the organization while reducing the load on the help desk team.
Flexibility and security
Allow users to reset passwords and unlock their accounts from anywhere, at any time. You can also create different policies for different types of users in the organization according to their role and level of access to sensitive data.
Simplified auditing and tracking
Allow users to reset passwords and unlock their accounts from anywhere, at any time. You can also create different policies for different types of users in the organization according to their role and level of access to sensitive data.
FAQs
Self-service password reset empowers users to reset their own passwords after successfully verifying their identity without help desk assistance.
Self-service password reset is safer than a password reset performed by an IT administrator because the former ensures that only the user knows their newly reset password. The latter not only causes the IT admin to unnecessarily know a user's password, but it also exposes the password to attacks as it is transmitted over the network to the user.
In self-service password reset, users are verified with strong authentication factors, which adds to the security of the process.
Implementing self-service password reset drastically reduces the burden on the IT help desk, saves costs incurred due to password reset tickets, and enhances organizational security.
ADSelfService Plus is a self-service password reset tool that helps users reset their own AD passwords without IT assistance. Using ADSelfService Plus, users can easily reset their passwords either from a web portal, their logon screens, or their mobile devices.
To reset your password using ADSelfService Plus, go to ADSelfService Plus' password reset web portal, your machine's login screen, or the mobile app, and complete the required identity verification steps to reset your domain password. If you don't have ADSelfService Plus already installed, you can download and install the solution using these links.
ADSelfService Plus also supports
Adaptive MFA
Enable context-based MFA with 19 different authentication factors for endpoint and application logins.
Enterprise single sign-on
Allow users to access all enterprise applications with a single, secure authentication flow.
Remote work enablement
Enhance remote work with cached credential updates, secure logins, and mobile password management.
Powerful integrations
Establish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.
Enterprise self-service
Delegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.
Zero Trust
Create a Zero Trust environment with advanced identity verification techniques and render your networks impenetrable to threats.
