I have a domain controller on Windows Server 2008. When I set up my users, I gave them all a dummy password with the "must change on next login" option checked.
Everyone's machines are all on the same network as the domain controller, but we are not forcing them to join their computers to the domain. The DC has a website which requires the use of domain accounts to access it.
How do I tell my users to change their domain passwords without connecting their PC to the domain or making them log in to a machine on the domain? I do not want anything I will have to install on each client to allow them to change their passwords (I have a password expiration policy). Most of these workstations are XP.
I downloaded a web-based password change application from http://www.netwrix.com/. I could have built one, but I don't exactly have the time. They have a freeware version that does what I need. It's in asp.net, so I was able to modify the aspx pages/layout to customize the look a little.
If you also use Exchange in your environment, depending on the version of Exchange, you may be able to implement this using OWA.
I'm guessing that the website that runs from the DC doesn't allow a change password dialog of any kind when users connect with their current passwords?
For example, one of the environments I support has Exchange 2007 on the back end. This morning I set myself to "Must change password on next login", waited a few minutes, and then logged into OWA. It let me in without changing my password, but gave me a message saying, "Your password expires today, would you like to change it now?"
This seems to be the way OWA works - when I reconnected to the server it forced me to change my password immediately, whereas OWA let me see my inbox and offered me a chance to change my password since it was expired.
If they have local logins, they can log in to their local systems and then use Remote Desktop to a domain-joined PC they're allowed to log in to. On first login there they'll be able to set their own password, which they can use going forward.
It sounds like the only option is for the website that runs on the DC to implement this functionality. You can't change a domain password without somehow talking to the DC, either directly or indirectly.
COVRI Password Change web part for Microsoft® SharePoint® 2010 allows end users to change their own Local NT or Active Directory password within the SharePoint environment without administrator intervention, complying with the company’s password policies. It also notifies end users when their password is about to expire.
http://store.covrisolutions.com/Password_Change_WebPart.aspx